Re: [qubes-users] Qubes 4.0 Hardware Requirements
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-08-29 23:41, Darko Vuković wrote: > On Tuesday, August 30, 2016 at 8:26:40 AM UTC+2, Andrew David Wong > wrote: On 2016-08-29 21:28, Drew White wrote: On Saturday, 20 August 2016 04:28:16 UTC+10, Andrew David Wong wrote: > I don't know enough about the AMD platform to answer > definitively, but if I'm interpreting this Twitter > exchange correctly, it sounds like you might be right: > > https://twitter.com/QubesOS/status/756041961203785728 > So what are the actual requirements for Qubes 4? > > The minimum requirements haven't been officially announced yet. > (Only the requirements for Qubes Hardware Certification have > been). > > > If I understood correctly, one peace of the puzzle is Intel EPT > (Extended Page Tables) enabled CPU's. So any laptop/notebook with > one of them. > >>> http://ark.intel.com/search/advanced?ExtendedPageTables= >>> true&MarketSegment=MBL > > but, what I've managed to find on this topic is that you should > avoid > > > - CPU with Intel® vPro Technology (so say good buy to: > http://ark.intel.com/search/advanced?s=t&MarketSegment=MBL&; > VProTechnology=true) > > > and > > - Intel wireless cards (use Atheros instead) > > There are also three versions of Intel ME (Management Engine), > Commercial and Consumer. They are both bad but consumer version is > crippled one (less bad). I'm not sure how can someone pick one or > the other but it would be nice to know. > > Potentially deadliest combination (privacy wise) is: CPU with vPro > Technology+Intel wireless card+Intel ME (commercial version) > > > It would be nice if someone could confirm(or deny) this and add > some more information regarding other hardware here. > > Thaks > This thread is about hardware *requirements* for 4.0, not hardware that it would be prudent to avoid for various reasons. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXxS2zAAoJENtN07w5UDAwiOMQAL86BKrbyZ1c+uha6duEM2b+ w5XimnFl8AbvFfOEDC9j5m+6KW51HiJ3IASVJRAUCYRrMeqXrdcn7f+lEtsU6tx2 JfNugcTbz4vAZtA57G+HmhrlNs+7o21sROVXeXGCwfSfs9MaFNQ2G8wUus1CbW8z yj8cjzwcItbb437fF4HvAobbxqAjyulwdTmMMj0YjTCNjrOfYIpRb6E6HYajo5e4 4qyNzdA/O7tPnfqC08SOqCUMZWVUm/eqzK8peRlV5QvGHDfiq/Ck/B6I/uORhrMn w1TdcsQmG5nS15uPViMa3c1/729rvIDjp7z3CA10s9jxQ6I7rfJQqsL1uykbL0Bi xgvSbx8MGHUUxiFb51ZXmrlFZFNcATUz7gaxLLGVmnJRUvX/KNjKZcq7BWmy+80l WmK/mab3OmoD0Gx1Pg8bL5BdeKvLDP5QAh5Vb7ArCNcGErlgRzyhm2AcToFsmRej BJEDAvYo2yJXEVeDmzH51sp8sBYdWU5V3WbdgjOG5Vn23UqgtIBWiof3NmHl37OB kqCkn35M+25Pj/dBELEAFA1wAT/AHoOa1Yj63g91uaniDOcDyh+TzPQvj7/wYni5 H0cUMhG+1D0Gd+sHW4pQIf6x9nATHte/yfKoaukTCQ0pYVaIpK+QrlfYsf4Z7mqj SRSFvFsQWIvlpG8roWfL =tbqq -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ddcfb488-55fe-99e7-bb08-71fabed22508%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Requirements for Qubes Tools and seamless integration?
On Friday, August 26, 2016 at 5:23:09 AM UTC+2, Drew White wrote: > On Thursday, 25 August 2016 07:25:20 UTC+10, Andrew David Wong wrote: > > These probably aren't what you're looking for, but since you didn't say that > > you've already read these documents, and since they're relevant to the > > topic, > > I'll share the links here in case they happen to contain some information > > that > > is relevant to you: > > > > https://github.com/QubesOS/qubes-template-configs > > https://www.qubes-os.org/doc/building-non-fedora-template/ > > https://www.qubes-os.org/doc/building-archlinux-template/ > > Hi Andrew, > > You are correct, they are relevant. Yes, I have already read them the last > time I asked this question and someone linked me those. > > I was hoping for a new resolution and an actual answer, not a link to > something that does not have any information on what I'm asking. > > What you linked me are instructions on how to, not what I am needing to know. > > I don't want to download all that and more and do many things just to find > out that in the last 1% of it all that it won't work because I have to > install something first, or a different version. > > The main reason I'm asking what the prerequisites are is to know EXACTLY what > the MINIMAL requirement is to be able to get it running on Qubes. > > I can't use a no-gui option on the VM that is a CLI and then access it via > the console commands without it having the Qubes tools installed in it. > > In my OP I did say > "I still can't find any documentation on it that accurately tells me what I > want to know" > and > "Pretty much all the packages that are REQUIRED as a minimum to get it all to > work." > > This is what I'm after, not instructions. > > I'm trying to build a template, and the instructions there are not detailed > enough to tell me what I want and need to know, because I'm not an "end-user" > I'm a developer and a technician by trade. I like things to be cleaner and > more efficient than they currently are in some of the templates, including > the "minimal" templates, which aren't exactly minimal, since they are missing > things that are NEEDED and they have things that shouldn't be there as a > "minimal". (In my opinion at least) > > So by knowing WHAT is required, I will know what it is that I can turn into a > Template with Qubes integration. >From reading through the qubes-devel list a bit, I'm fairly sure that what you >ask for simply does not exist in a central location, because the few devs >there are have different priorities, and nobody else has stepped up to the >plate yet. Having said that, you can probably get an impression of what is >involved by reading the reports by the people who had a go at building the >archlinux and debian templates there; which involved quite a bit of trial & >error, as is obvious from the email chains. There are more exchanges to be >found, but these two seem relevant: https://groups.google.com/forum/#!searchin/qubes-devel/archlinux$20template|sort:relevance/qubes-devel/Jdqd_Cn1Gwg/FpgNBoVa6S0J https://groups.google.com/forum/#!searchin/qubes-devel/archlinux$20template|sort:relevance/qubes-devel/CB30pD5J56U/TmpIrj8yhswJ Your (only) other option is probably to have a look at the builder.conf etc. files for e.g. the archlinux template (or the debian template from qubes), and go from there. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/ffdf8434-2236-4aad-ab3c-3f9c3f1183b2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 4.0 Hardware Requirements
On Tuesday, August 30, 2016 at 8:26:40 AM UTC+2, Andrew David Wong wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 2016-08-29 21:28, Drew White wrote: > > On Saturday, 20 August 2016 04:28:16 UTC+10, Andrew David Wong > > wrote: > >> I don't know enough about the AMD platform to answer > >> definitively, but if I'm interpreting this Twitter exchange > >> correctly, it sounds like you might be right: > >> > >> https://twitter.com/QubesOS/status/756041961203785728 > >> > > > > So what are the actual requirements for Qubes 4? > > > > The minimum requirements haven't been officially announced yet. (Only > the requirements for Qubes Hardware Certification have been). > > - -- > Andrew David Wong (Axon) > Community Manager, Qubes OS > https://www.qubes-os.org > > -BEGIN PGP SIGNATURE- > > iQIcBAEBCgAGBQJXxScVAAoJENtN07w5UDAw7awQAJQKcANK2tzUGhaw+Q0tTK6u > g7EtPJ+BIAikSA73VyMNLPDII3Ys4/rX5mj4m1p7p0q6hESqICn3Uj+4kkcMgeIe > ipzkJma9bx9EWAiLNMU55pB5Co1tX78OBn+A9ESF2doYr95IOLDTNt1ktnIR1ERA > KmKWHD8b0zNmq+cEYYsUKNy12N2r+OM/81lr9V19rpFBP2cYJXph16C8ii/SNf4Z > zj0F+7rYhO0gQ6WzA6g131R9EwoHcQ5UO8ZDtc0ZFZynSnYxQjm7hHdHDEFeG9Nj > /scInlbq4mvHfE3ssEqKjbERqM51dptbpVBaHoMiDvQ975m00fieV8m+IY5ZX6iL > XHsJsGhJ2RfqmteSwh/LPn8GNVUQ77Rtk3mP73xTdjTXHAdWUZzwKlhUxeRxy2Qg > n0YlDQscFQCp8EvvuMjPx0FENbsIZ965KrUTPJBS4CDCpzGAH7w4i79m+eNuyZzd > J5KamNeP9zmWoBJfkdL7jYa32njxFZJm/99Ja75vlGwEvZCiO4aak/sYO69v13N4 > A18TQsSNfXIgCvsgOOZ9QMBpkPYciGgYz/zp5r3a3OJXxlc2Y/IS85C9r+2vwODV > cZp02tJ5gz4cKzscONRkaW8PXVL16MFVp/CAsxEsf6KBUz+rIFfib8Cn+S3nqZox > 4tQGUPsDQti2exnnnSYm > =Qg7x > -END PGP SIGNATURE- If I understood correctly, one peace of the puzzle is Intel EPT (Extended Page Tables) enabled CPU's. So any laptop/notebook with one of them. >> http://ark.intel.com/search/advanced?ExtendedPageTables=true&MarketSegment=MBL but, what I've managed to find on this topic is that you should avoid > - CPU with Intel® vPro Technology (so say good buy to: http://ark.intel.com/search/advanced?s=t&MarketSegment=MBL&VProTechnology=true) and - Intel wireless cards (use Atheros instead) There are also three versions of Intel ME (Management Engine), Commercial and Consumer. They are both bad but consumer version is crippled one (less bad). I'm not sure how can someone pick one or the other but it would be nice to know. Potentially deadliest combination (privacy wise) is: CPU with vPro Technology+Intel wireless card+Intel ME (commercial version) It would be nice if someone could confirm(or deny) this and add some more information regarding other hardware here. Thaks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/45e2ea1e-cb10-4683-baf6-ec9deefd4ce2%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] R3.1 - "Freezing?" sys-usb VM via mkfs.vat command
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-08-29 15:33, Anon wrote: > I'm attempting to encrypt an external drive when experiencing a > freeze/crash: > > After running in the sys-usb VM: sudo cryptsetup luksOpen /dev/sda1 > USBDRIVE001 sudo mkfs.vfat /dev/mapper/USBDRIVE001 > -n USBDRV1 > > the window becomes unresponsive. No application errors are > visible. Also, the VM seems to be unresponsive as I cannot run > anything else in that VM (and any other open windows beccome > unresponsive too). > > If I have a certain amount of windows open in that VM (3?) e.g. 2 > terminals and one file browser, the windows just disappear and the > state of sys-usb in Qubes VM Manager turns yellow. > > At this point, I can only restart the VM, which seems then to > operate normally. > > I tried it a few times and the last time I tried it I got an > exclamation point in Qubes VM Manager under the state column for > sys-usb. When hovering over it, it says: "qrexec not connected." As > usual, restarting the VM works fine. > > I do not think I'm out of memory, as I have closed all other > non-essential VMs and should have 8GB of RAM but might have 6GB (I > don't know how to check physical RAM amounts without rebooting). > The drive itself is 1.8TB. > > Is this a bug? Should I be submitting a bug in github or posting > this on the dev mailing list? > > I need a next step. > > Thank you. > If this is Qubes-related at all, it sounds like a hardware compatibility issue, so qubes-users is the right place. Do you have any other USB drives that you can try instead in order to help determine whether the problem is the drive itself? Is it possible that the problem is trying to format with vfat instead of a different filesystem? (How large is the drive?) - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXxSqMAAoJENtN07w5UDAw/s8P/3AYA51j/6qPqtOkGwupLEiR ZyTNhZ3PWOkWSDR52HgI85BZLs46Wz5glAaDn5YrHKVo8i03uyueAzH1daDe5vtN TnY8/S9Sv8rf4oKSF4O6gzvsM6fpuV28JEcM8NrYWgK7HM90KpClRSoPnIQJGbOm zR0RHTEkqEXnmFRRQ2gV8bW5/vslG2Oq/yGRWYAalK+QTG/1gP7NtvkFDrsA3+jj hqhqOOkME6c+wErjL72KW1ymTz0n5Xejiy87SJVG6PG1OrlzbAvLz4POuMTMxT9Q oNaxx6AkV+NSAg4WobUTpfTtqGGHAfCcW3lLfqbuR4gXlWwci5R77n7t8SR9X+Aa HmrcwCYIBX8yNv902yTTVTCNuY+Jf2kWzMyTbKeJ967OGZVp076X7X8LY08purVP pJz2cqFoOh+/nFHr4aJMpTxwzcfkYZZ+j1qzuObm/raHKrZDx1CrdcLPADkG8Tfy xxHe16y6S4UOAxBCSDBdpGA47DrzkHCu85V1QLvj1EnbKHnHdKp+xHYj4kjXi832 A4RRH7tgyeZhkNVIGJj/zi9/qhRWn1i4xuUdR/UfkCL1GrcO5GyhZ6pzU3AhUlLX H2GwJ3U5PUq4m+VVFi/lKOC/KBne6mRheTxywN42AJUbb+Jh/Wj57aF/ABPnDVcr pLHcUvCNRfHC+6PMUIWV =E2Ts -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/db82723a-a1ed-8474-47ac-b2b097da7f4c%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] gpg split - qube doesn't see key pair - only public key
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-08-29 14:01, zaboqu...@gmail.com wrote: > I've been using GPG split for over a year with keys that hadn't > been generated and were only imported into the vault qube and never > had a problem. > > Yesterday I generated a GPG key pair in the vault qube, and while > the vault qube has no problem in seeing the private key, enigmail > in a different qube only sees a public key. > > Has anyone ever experienced this? I've been looking for similar > problems both here and elsewhere and found no reference to this. > > Thanks for your help. rz > Changes to private keys with GnuPG 1 are not visible to GnuPG 2, and vice versa. So, if you generated your key with the `gpg` command (instead of `gpg2`), then Enigmail probably isn't seeing it because it and Split GPG are using gpg2. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXxSncAAoJENtN07w5UDAwuIQP+gNLfTL14OUm5umcoYsqMCO1 ON494YjQLk1JBTDS2tO28psDq5/4g6iYTHAdgf9JprcJquHArBxVrRFihrxdiq88 P2g5aN5+7nXUlHxOiDSrAz634aGVlx+19m+6VXm5E37qvUjrSfh0bN9fCwoWEvTJ XzrPRMhqPnsvERwNgSoWuHvZ6AobZwQ3EVM355UdM49r36zHlLBUb8yHkQnYs02U V4+MDS4gB9ytaECVD37n/HlrZ4c6DNXEIemN51sQ18iL7PUSIXqMSZBtFizwTibV Yo4oeCkOFRSqRkhcO77hQ8TDGwjhi/lCk5eNVnAaG8mA52/wqznkrzv3RaEy7NgM eQriG/BfvfZemx+W8MSvgr//cFX31PGpQpXiWL1mA7F8o2FLVuY6dXmaSL8jnu/B JqLcNSzryJUlQU/u1VzU/aD9aI7FIl0Syn0esjzwEMCsuSkT7q93YW126n7BADtS laVq2g5v6UuuZpGIBOuC7wgcZF02Yc/kwS7EnFX4pqZgm2mP1H8XKmWm5o9siSqH IeEee6YN86x0B2iZfIjds4HLGlrZ5zk5iftFd8Yy1CXUvre7P156j8MOhlgJwnHQ IjhMNOYrEokRyXqolW1+j68wvoJ5ro1u/ZHm58rwBZoHqW+PdIg8dpca8l7QFv1W aylflqGaMZmqQ/jK6BCL =ukrT -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/da66d7ea-66bc-10d3-f42c-7542f9b172aa%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Please make a better Scaling for 4K screens - Zoom, DPI
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-08-29 13:48, vincent.maximus.c...@gmail.com wrote: > On Thursday, August 4, 2016 at 12:16:25 PM UTC+2, Smithy wrote: >> I have a 4K screen and the layout in qubes R3.2 is unusable even >> with the DPI scaling and the text size modification tool. >> >> -qubes manager is tiny and can not be scaled -debian and other >> vms are tiny >> >> the qubes manager tab should be able to be zoomed in and scaled >> same with any other window there is with settings that can be >> saved. >> >> >> ubuntu does a great job with that. it would be great if that can >> be put inside the next release. > > > > > > how can I install gnome-tweak-tools into dom0 ? i really need it > to get scaled cause qubes manager can not be scaled.. > Have you tried something like this? $ sudo qubes-dom0-update gnome-tweak-tools > please fix this for R3.2 R3 thanks > We're working on it, but the milestone for this is 4.0, not 3.2: https://github.com/QubesOS/qubes-issues/issues/1951 ...at which point, Qubes Manager as we currently know it should be gone anyway: https://github.com/QubesOS/qubes-issues/issues/2132 - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXxShtAAoJENtN07w5UDAwjOYP/388CFri7KRDns6PMdnYbIrH WbrSOHtwHfTA0mcQ4dPKeIavXiOPJx7fDw8dAhupq5jFD35bK15Sq4WmvS7fYe5C Uic1lYmFoZ+ESE7tbWC4ZEivRkluBlTUWiZxNC4nSh5EbV097f69EWRii3ETgt7h LH4/b8dvAshiMPkJ+hZwo5596Ca+cjUgTxpvetczta0AAS/P4odzGXGX7lcaMRua 7BIEGkuBbH1HKJOz2Gx1VtcqUMHiA6Y+yAQKAX/4bXXs1fVrbvWXqZJV/KC0zlv2 2yjM6+z411wGv1xgikia6NneU2n8MFWBnlxaVlAxU++kgykhCkEAWOuvBd+EjFSR 66i1MMbV8SCdf4yjtspjslKa5QiRg7BK8pvIur8O4biqi8sUd9ZNVOGlBOBhY92Z hCdBgQacLKiYIMuy19BDTggUve5wFjjE+u6ko2MMzW7YUyy1/4ws6meA0nbcGDP/ SZTGsy+T7vfOJhsxuqskFaoYnMgz4+veETowPUNSQh4VVxRWy/y3brBou07u+Bii 0ZDkiw1Ya4tzvnikcaQuEELQZ8haKKYvpAgbR3VKInywygtylRjwyLWCpS5W63oZ rk2inDb3Nn0n647IgBqbe9H4TnR/XccGikgXlmTzKmce8k/nkR53TNr7uclZBZ+C PAq2TCQS70EPZ5ZlnOwa =/M+v -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9098ccd5-26c8-6399-246b-50ff8162fb16%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] QVM Backup
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-08-29 19:59, Drew White wrote: > On Monday, 29 August 2016 14:58:57 UTC+10, Andrew David Wong > wrote: >> Yes, that's just the way it does the backup, even for a single >> guest. However, there are plans to implement a qvm-export-vm tool >> that will allow you to export a single guest without exposing >> metadata about other guests: >> >> https://github.com/QubesOS/qubes-issues/issues/1747 >> >> (The comments on this issue explain why the current qvm-backup >> tool doesn't already do this.) >> > > > since it doesn't already do this, then my export is fine as it is > since you say that qvm-backup doesn't YET do it. > No, I didn't say that. qvm-backup will probably never do this, for the reason Marek gives in the last comment on that issue. It's more likely that there will be a distinct qvm-export-vm tool that does it instead. The phrase "the current qvm-backup tool doesn't already do this" above means "It is not currently and has not been the case that the qvm-backup tool is capable of the desired functionality," which doesn't entail that the qvm-backup tool will ever gain this functionality. - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXxSeSAAoJENtN07w5UDAwwjkP/258gNzxsZ6vfRsjNeduGmSO XZEjX4Hm6ku5tYqG99fCnMBjesVZLdBrzmnqljK32k/d+jTvoimcTFewTC4q0ZUJ 0D0I32WFcc/i7BlAr1heX52nYdO68GN6Yvfwr7svj6fAv9YYZfEGIF4maqTD/Hdi I95bEy1IRRR9PdNZTCZFqb5pM1DxAIz3vcw73jhB56qFgyZWLWvsHh1tsKxR9/k7 lMKK0XiZNSsX6bUMFsAIsh+5NyOjkUNLdDrp9I1MVWuiYK9+MYWm+RTkCQP/XnYQ idOTlslkNXqXwVx2lDwLNjzPMEDdOcrKZlTbYe7JlVa3FX4rEq0+ptNawFu4aAjq qUID8IGPFco7lsf0nrWjPjLSO0cfYwIHUFU4/ETqSRLPH/1bSobhK4loXijEx9f3 b+rLOeUZHH0D6dNRSvxnI00kkGoKmEiuuSbPLqqVxEXqA9HpCfQYJBG+Wsi3UgU1 SIM6Gr2KO5bvZbK6UkKECcAu/G1xrrZnqk+kMrmHMNIuHv1jzZkRl/LLiMwmEQBD F0FoATMD+EP74WtDDwxWaVNeMW1oHer54zhvsmwc5m3XQCZ06IOyVt8ofcTl5OvY +xNaCkavtMBzvFMs61LShTEB2dJx7mzOeHoEyd+QyRcVIQflYvgS0Apar5nYRsJG k0NFNM33UaK0GKBTubmF =Tn4s -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/083cdc68-3466-e247-1c11-fc6d9028bea1%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes 4.0 Hardware Requirements
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-08-29 21:28, Drew White wrote: > On Saturday, 20 August 2016 04:28:16 UTC+10, Andrew David Wong > wrote: >> I don't know enough about the AMD platform to answer >> definitively, but if I'm interpreting this Twitter exchange >> correctly, it sounds like you might be right: >> >> https://twitter.com/QubesOS/status/756041961203785728 >> > > So what are the actual requirements for Qubes 4? > The minimum requirements haven't been officially announced yet. (Only the requirements for Qubes Hardware Certification have been). - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXxScVAAoJENtN07w5UDAw7awQAJQKcANK2tzUGhaw+Q0tTK6u g7EtPJ+BIAikSA73VyMNLPDII3Ys4/rX5mj4m1p7p0q6hESqICn3Uj+4kkcMgeIe ipzkJma9bx9EWAiLNMU55pB5Co1tX78OBn+A9ESF2doYr95IOLDTNt1ktnIR1ERA KmKWHD8b0zNmq+cEYYsUKNy12N2r+OM/81lr9V19rpFBP2cYJXph16C8ii/SNf4Z zj0F+7rYhO0gQ6WzA6g131R9EwoHcQ5UO8ZDtc0ZFZynSnYxQjm7hHdHDEFeG9Nj /scInlbq4mvHfE3ssEqKjbERqM51dptbpVBaHoMiDvQ975m00fieV8m+IY5ZX6iL XHsJsGhJ2RfqmteSwh/LPn8GNVUQ77Rtk3mP73xTdjTXHAdWUZzwKlhUxeRxy2Qg n0YlDQscFQCp8EvvuMjPx0FENbsIZ965KrUTPJBS4CDCpzGAH7w4i79m+eNuyZzd J5KamNeP9zmWoBJfkdL7jYa32njxFZJm/99Ja75vlGwEvZCiO4aak/sYO69v13N4 A18TQsSNfXIgCvsgOOZ9QMBpkPYciGgYz/zp5r3a3OJXxlc2Y/IS85C9r+2vwODV cZp02tJ5gz4cKzscONRkaW8PXVL16MFVp/CAsxEsf6KBUz+rIFfib8Cn+S3nqZox 4tQGUPsDQti2exnnnSYm =Qg7x -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/c5f12caa-9593-cbb9-684f-1738641bab3a%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Salt InterVM Configuration explorations and pitfalls in 3.2-rc2
On Tuesday, August 30, 2016 at 12:20:32 PM UTC+10, Marek Marczykowski-Górecki wrote: > > > > fedora-23-minimal templates are unmanageable via salt, all of the > > > > internal > > VM salt configuration just doesn't work on on them from my > > > > experiments. > > > > > > It may be that salt requires some additional packages to preform its > > > actions. Minimal template have really minimal package set installed. > > > But you probably can install additional stuff using pkg.installed. > > > Yes, it may require calling `qubesctl --all state.highstate` twice. > > > > I believe it says in the docs that the only requirements in the target VM > > for salt inter-vm management to work is scp because ssh looks of it or > > something. Turns out scp is not installed in the fedora-23-minimal template > > by default, however, even after installing it the installation of a package > > does not work for the minimal template. Using the revelation that is the > > --show-output switch I can see this happening. > > > > Its quite long so here is a paste of the section of output pertaining to > > fedora-23-minimal template http://pastebin.com/kCe29p9L but the tail of it > > is: > > > > stderr: > > ln: failed to create symbolic link ‘/tmp/salt-shim-sandbox/scp’: > > File exists > > WARNING: Unable to locate current thin version: > > /tmp/.root_d510cd__salt/version. > > stdout: > > ERROR: Failure deploying thin: /usr/bin/scp > > _edbc7885e4f9aac9b83b35999b68d015148caf467b78fa39c05f669c0ff89878 > > deploy > > > > ln: failed to create symbolic link ‘/tmp/salt-shim-sandbox/scp’: > > File exists > > WARNING: Unable to locate current thin version: > > /tmp/.root_d510cd__salt/version. > > It is already fixed: > https://github.com/QubesOS/qubes-issues/issues/2207 Does this update have to be done in dom0 and in the minimal template? I have updated dom0 but still have the issue, no reboot yet though as I am working. I will do more testing tonight as I have a need to also work on a HTTP proxy setup from the docs but with salt. As I am new to salt I figured I would learn by implementing everything in the qubes os docs with salt instead of imperative commands. On Tuesday, August 30, 2016 at 12:57:54 PM UTC+10, Jeremy Rand wrote: > Seems to me that an attack could be constructed where the Tor exit used > for update downloads feeds sys-whonix an exploit, and from there is able > to either break out of Tor, or compromise Tor in some way that may > affect other VM's' anonymity. Forgive me if I am misunderstanding the scenario you proposed, but the setup in question "sys-net>sys-firewall>sys-whonix>sys-update" If dom0 uses sys-update to pull updates we should be ok. The default for when qubes is told to use whonix/tor for updates however is "sys-net>sys-firewall>sys-whonix" with sys-whonix being the update VM if I remember correctly. In that case dnf/yum is in fact running in a whonix VM (which as you mention might be a security issue) and the previously discussed method should prevent that, however as Marek mentioned it is not the default because it would require the addition of another appVM and the base setup should be as minimal as possible. Not everyone has 16+gb of ram. I have also started having other issues with salt. It seems to qubes:template: (the selector for .top files allowing us to target an appVM's template without knowing its name) does not seem to do anything, no errors, the states are just not running for the template that I am targeting. Also, I am not sure when, but the pkg.uptodate state does nothing in templates now. It used to work on this qubes install and it still succeeds (without changes) each run but if I use qubes-manager to do the update there is stuff to be done. This one is really rather minor and I will be writing these up into issues when I am more sure of what they are and that its not just me. When you set a netvm to None with salt you must use the lowercase none which yaml accepts however qvm-prefs uses a capitol. This causes any qvm.prefs states that set a netvm to none to return the changed state every single state.highstate run because the yaml says it should be lowercase. Finally the docs for the dark theme seems to be out of date as many things including firefox are not using the dark theme if it is set globally as the docs describe in ~/.config/gtk-3.0/settings.ini and, on debian, it seems gnome-terminal does not conform to that setting unless you set gnome-terminal's preferences to use the dark variant but fedora templates gnome-terminal goes dark as expected. Thanks for your time, Taylor Lawson -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send e
Re: [qubes-users] Qubes 4.0 Hardware Requirements
On Saturday, 20 August 2016 04:28:16 UTC+10, Andrew David Wong wrote: > I don't know enough about the AMD platform to answer definitively, but if I'm > interpreting this Twitter exchange correctly, it sounds like you might be > right: > > https://twitter.com/QubesOS/status/756041961203785728 > So what are the actual requirements for Qubes 4? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1c6b1399-a354-4f38-9a8d-545541e392eb%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] QVM Backup
On Monday, 29 August 2016 14:58:57 UTC+10, Andrew David Wong wrote: > Yes, that's just the way it does the backup, even for a single guest. > However, there are plans to implement a qvm-export-vm tool that will > allow you to export a single guest without exposing metadata about > other guests: > > https://github.com/QubesOS/qubes-issues/issues/1747 > > (The comments on this issue explain why the current qvm-backup tool > doesn't already do this.) > since it doesn't already do this, then my export is fine as it is since you say that qvm-backup doesn't YET do it. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f6286330-e30c-46f2-977e-691789dc7a69%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Salt InterVM Configuration explorations and pitfalls in 3.2-rc2
Marek Marczykowski-Górecki: > On Wed, Aug 17, 2016 at 01:42:36AM -0700, nekroze.law...@gmail.com wrote: > >>> In any case, if you put Fedora-based VM behind sys-whonix, and set it as >>> UpdateVM, it should work. > >> That does indeed seem to fix the problem. Is there a reason why the whonix >> setup choice that uses whonix for dom0 updates not also build an update vm >> that uses sys-whonix and is based off of fedora? > > Basic actions (install updates, new packages) should work in this setup > and it save some RAM (no need for additional VM in addition to > sys-whonix). Seems to me that an attack could be constructed where the Tor exit used for update downloads feeds sys-whonix an exploit, and from there is able to either break out of Tor, or compromise Tor in some way that may affect other VM's' anonymity. Granted, this is a fairly lousy attack as attacks go, but isn't the entire point of Whonix that nothing is supposed to run inside the Whonix gateway except Tor? Cheers, -Jeremy Rand -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6d9feec4-a205-dc21-9158-bad70538f8ee%40airmail.cc. For more options, visit https://groups.google.com/d/optout. signature.asc Description: OpenPGP digital signature
Re: [qubes-users] Re: Unable to install 3.2-rc1 on Thinkpad T450s
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, Aug 26, 2016 at 01:27:08PM -0700, pfrenc...@gmail.com wrote: > On Friday, August 26, 2016 at 11:42:53 AM UTC-7, pfre...@gmail.com wrote: > > On Sunday, June 26, 2016 at 11:08:35 AM UTC-7, > > 41wycb+5v6...@guerrillamail.com wrote: > > > Hello, > > > > > > I've disabled all support for UEFI in the BIOS, having enabled only > > > support to Legacy mode. I've also disabled the secure boot having enabled > > > the 'USB UEFI BIOS Support'. > > > At this stage I'm able to get the grub splash screen and when I try to > > > boot Qubes I get: > > > > > > 'Loading xen.gz ok' > > > 'Loading vmlinuz ok' > > > 'Loading initrd.img ...ok' > > > > > > After this the laptop simply reboots and I'm back to square one again. > > > > > > I've even tried to upgrade my BIOS to the latest stable version (1.24) > > > but this has produced no improvements. > > > > > > > > > Any idea what may cause this? What I'm missing? > > > > Thanks, I was getting this on the thinkpad x260 as well. > > I'll let you know my results. > > > > PS. I was very happy with 3.1 on my x260 except for the inability to > > suspend, so I tried the upgrade and it wouldn't even boot off USB. > > > > So I pulled the drive, put it in another laptop (Samsung ATIV book 9 plus) > > and 3.2 installed and worked. I updated everything, put the drive back in > > the x260 and boot borked. > > Adding: > mapbs=1 > noexitboot=1 > > to xen.cfg > did not fix the issue. Suggestions? Did you put that into the right section - describing the kernel chosen in `[global]` section? - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXxO1LAAoJENuP0xzK19cs5u0IAJZgGlr+p7mNS9Ri3g/0ePTt fPMAa1XeJ3m/ES3ZSjDERswvScwDoxKQmV6XjVdzrpp6hDuXg87xegAwYHlxRLWB ILW0YafdRpaVYTsfnaPvSDC3nVredFjTSzWXISBaiyGDWeWLtzk7TAKyMEAjQf9D OiMHF/78hvLHeWB0tZ+86fRUEbZKtaqcOXLOwXZdBL+U9OxN2Www25Lqzv9YG+lc TMryTBCuZaS6T0o/qbNidLjGG1HZlGB21q1cydNpi2EN+paf63eU2P320N21yieM 4Z2f+g+WBCw+D/igGAB/T1xoXJsT5SnLs0bR6csRzg9+XjAMcj/IZvnmEIGSpHg= =A49D -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160830021955.GS21245%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Salt InterVM Configuration explorations and pitfalls in 3.2-rc2
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Wed, Aug 17, 2016 at 01:42:36AM -0700, nekroze.law...@gmail.com wrote: > > > There are also a handful of other problems smaller problems I have > > > encountered while trying to configure everything I need with salt. For > > > example the fedora-23-minimal templates are unmanageable via salt, all of > > > the internal > > VM salt configuration just doesn't work on on them from > > > my experiments. > > > > It may be that salt requires some additional packages to preform its > > actions. Minimal template have really minimal package set installed. > > But you probably can install additional stuff using pkg.installed. > > Yes, it may require calling `qubesctl --all state.highstate` twice. > > I believe it says in the docs that the only requirements in the target VM for > salt inter-vm management to work is scp because ssh looks of it or something. > Turns out scp is not installed in the fedora-23-minimal template by default, > however, even after installing it the installation of a package does not work > for the minimal template. Using the revelation that is the --show-output > switch I can see this happening. > > Its quite long so here is a paste of the section of output pertaining to > fedora-23-minimal template http://pastebin.com/kCe29p9L but the tail of it is: > > stderr: > ln: failed to create symbolic link ‘/tmp/salt-shim-sandbox/scp’: > File exists > WARNING: Unable to locate current thin version: > /tmp/.root_d510cd__salt/version. > stdout: > ERROR: Failure deploying thin: /usr/bin/scp > _edbc7885e4f9aac9b83b35999b68d015148caf467b78fa39c05f669c0ff89878 > deploy > > ln: failed to create symbolic link ‘/tmp/salt-shim-sandbox/scp’: > File exists > WARNING: Unable to locate current thin version: > /tmp/.root_d510cd__salt/version. It is already fixed: https://github.com/QubesOS/qubes-issues/issues/2207 > > In any case, if you put Fedora-based VM behind sys-whonix, and set it as > > UpdateVM, it should work. > > That does indeed seem to fix the problem. Is there a reason why the whonix > setup choice that uses whonix for dom0 updates not also build an update vm > that uses sys-whonix and is based off of fedora? Basic actions (install updates, new packages) should work in this setup and it save some RAM (no need for additional VM in addition to sys-whonix). > > > There are some aspects of configuring the dom0 experience in Qubes that > > > does not seem to be possible from salt. For example there is no way to > > > specify which applications are available in the menu for an appVM, > > > > Indeed there is no module for this, but you can simply edit > > `whitelisted-appmenus.list` file in the VM directory with file.managed. > > Then appmenus regeneration will be triggered at nearest template > > upgrade, which will probably happen a moment later anyway (as dom0 is > > configured before all the VMs). > > I have tried this and found it not to work. I have not been able to get the > application to appear in the application menu in xfce, nor is it enabled when > I view the VM's apps list in the qubes-manager. I can confirm the line is in > the right place from the state and matches the .desktop file in > /usr/share/applications which should be where it looks. I have not rebooted > yet but I have done multiple full highstate reruns on all vms after applying > this state. It wasn't until I booted up the template the appVM was based on > and ran qvm-sync-appmenus that it started to appear. I am still trying to > find a way to emulate this is a sane but simple way with salt. Currently qvm-sync-appmenus requires template to be running, but it should be easy to add an option to run without communicating with template (only regenerate VM entries, without syncing them with template). If you find this useful, feel free to open a ticket on github. > > Its "meminfo-writer" service (qvm.service). > > Brilliant. Poor assumption on my part that because there was a tickbox it > wouldn't match one to one for a service but I guess the tickbox is just a > redirect to the service for convenience from the memory tab. Yes, exactly. > > > BTW do you know a salt module for editing XML files - just like > > file.line or so? It would be really useful for configuring some desktop > > environment settings - almost all Xfce configuration is in XML files... > > The best would be augeas.change state which uses augeas which can make > modifying structured data type files a one line thing. Thanks, will take a look at it! > It would be perfect for this but has some dependencies (python-augeas) but I > am not sure if templates would need that installed or just dom0. For configuring dom0 - in dom0. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q
Re: [qubes-users] Isn't it bad, that compromized vm can create any number of dispVMs?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Aug 25, 2016 at 12:56:15PM +0200, Alex wrote: > On 08/25/2016 12:53 PM, Arqwer wrote: > > Command qvm-run '$dispvm' xterm if called from an appVM will run > > xterm in a new dispVM. If attacker gained access to an appvm, he > > possibly can run script, that will create thousands of new dispVMs > > and freeze my computer. I don't like this. May be it's better to > > disable this functionality by default? > > > I see your point, but I'd rather appreciate a limit on the number of > dispVM that can be launched (e.g. per hour/appvm?) before some > confirmation from dom0 is needed to open any more. This way actual > functionality is not broken nor reverted, and the denial of service > scenario is prevented. In fact the number of DispVMs is already limited - by available RAM. Further attempts will simply fail. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXxO00AAoJENuP0xzK19csQDQH/i+NEnY4EATTYbqZ7dijrrrV jyQ/QqOBZtKyhJ24TuLJC6UYyNri5DEvlu6S50O4ubvwzGmA4lsgJl6fDCiwX+VK 4j13CXw21xI5eZfagZZ1ZIHn8Nior2N/K2s+CGZUwhee1urmYlvAAuFSHYMePoFg akvZgonKCyshTATePglRhkTG0WFS91FZHMAbpZs6DGUZ+jB/ZVgQbTfAJg0A25ya RiLgoFA3mAPeUFZuCtSgUNXeR/NazmpW7wGx4SY4cUUAmrcB30sq4a/jVXOi9os0 42wJGnomQIS1b2cmnjSYpXNQhkAlrYdegcRmcwMgcSnG2Zs6iDpLppYidP+Li8E= =f2KL -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160830021932.GQ21245%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Anonymizing MAC adress through dvm ?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Thu, Aug 25, 2016 at 02:15:54PM -0700, nishiwak...@gmail.com wrote:
> Hello everyone,
>
> I was just wondering if you can apply this documentation
> https://www.qubes-os.org/doc/anonymizing-your-mac-address/ to your disposable
> VM (like if you like to browse the internet being safe, not saving any data
> but also preserving your anonymity, in a way like Tails do).
>
> I tried to apply this on the AppVM-dvm, stopped it, then entered
> "qvm-create-default-dvm nameoftheTemplateVM-on-which-is-based-the-AppVM" in
> dom0, so eventually it would save the configuration on the img on which is
> based the new Disposable VM, but it don't seem to work, my interface ID don't
> change when I type "/sbin/ifconfig" into the new DispVM.
>
> I guess the problem comes from the fact the TemplateVM creates a symlink to
> /etc/systemd/ to load the service, but as you don't have persistence in
> dispVM, the process fails, but I'm not sure.
>
> If you have an idea on one could eventually do this, I think it would be a
> great feature (even if it is already really nice to be able to do so on
> standard VMs, problem is when you're paranoid you have to trade off in a way
> between a non anonymous but full secured non persistent model for a more
> anonymous but less secured one, lol)
In theory it can be probably applied there (apply the instruction in the
template - the same way as for sys-net). But in practice it doesn't give
you much more anonymity. First of all, MAC address of the VM network
interface have no relation to your real hardware. It is always
00:16:3e:5e:6c:XX, where XX is ID of the VM. So it gives information
that you use Qubes OS. And if one can read that MAC address, can also
read a dozen other indicators that you use Qubes OS - like running on
Xen, or /var/lib/qubes directory presence, or simply a hostname
("dispXX").
- --
Best Regards,
Marek Marczykowski-Górecki
Invisible Things Lab
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iQEcBAEBCAAGBQJXxO0/AAoJENuP0xzK19csBKMH/2EvL7/LNwvSM0peXlNpBTZF
NbfYvZzJcqG2KZoI4NM323CeJxINPCh6aXLo4oN4666VJOY8yGsyYyUAes9dYJwy
EWA6phcPd7D9+yEnOul1ELY5/O4xzmtEKsUo+e9fAcRQddi8Pqhflt2slmBMl4eZ
1Taqb7jVMWf/iGYsLRV7B0WAcoHxRrBmkXvQWn2eyEAg7Al1skFgqp89LMLdd+As
n6301yuL6hVadfgcyuJAt7AjOj+pBLGRe+TAHno2327dvYaWOkNTF0b9pEWC+ti3
KOIJmzF0uFCATyAvpWVwgl5MPOsbeyvLe64sgJ+2zP94EigKCByUXKfTvrdHZYA=
=nT2K
-END PGP SIGNATURE-
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/20160830021943.GR21245%40mail-itl.
For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Template Updates through http proxy
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Aug 25, 2016 at 02:20:04PM -0600, John R. Shannon wrote: > I found tinyproxy and it's configuration file tinyproxy-updates.conf. I > should be able to add an "Upstream" directive to direct traffic to another > proxy. This file is apparently generated and does not survive a reboot. I > could not find a configuration file in /rc. > > Where do I update this file? It isn't generated, but all the files in /etc (or more general - outside of /rw or /home) do not persist in normal VM. You can either edit it in the template (by default fedora-23), or apply the modification from /rw/config/rc.local in particular VM (sys-net). If you choose to use rc.local, make it executable. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXxO0dAAoJENuP0xzK19cse/cH/22JrbOWgvRsmNXxm7EgzOny oyQjSg+CCDbL6xjY5NvOrllthtPeNK3ym/Co/FKOTk7pC2jdSu3C5Hbf9RKyhsqG mccABuBjNFzg1VlxSM5wfMRGw2qp4iomLBCQQejS1EqTfvRmTxyJIYMS8xvfPE25 f0n5/fKRZFn5wusEkTtiUrzhg4dw0x86e2IWxlZB8OyhZu8XWxLY9BXEQcx8dOCH j6o710VPGJVUFrbfVLBX1ATY/AFA8pwbu8IkqIS48sVULf8BwRPU3QG1b+sEBfUr M8SNu1KeHehZiQIp8a3AH/1hOTO95dDBrNwTuLp5VVuD5o61FBy+rVcU8Ut66W4= =h3Mt -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160830021909.GO21245%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Qubes OS installation freezes at installing bootloader?!
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Aug 18, 2016 at 11:22:55PM -0700, Darko Vuković wrote: > Hi there, > > does anyone have any idea on how to continue after thin problem? > > somewhere in the middle of the installation process screen freezes exactly at > the moment where installer says "installing bootloader". Every time! > > If anyone have some solution to this, please share! UEFI or legacy mode? In any case, try the other one. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXxO0MAAoJENuP0xzK19csjacH/3IAsq0yw+aQ3rQklvETiBmP yNFSumxg7Ivxqd+OTkt6atsnIEIkSrPqnQ6TZETHzTtj2ZrV+b7+/lBAY5UKO4Y+ nHurYAnrTfcCdikVyNDOWcj5YnIuxKwxxlPazwOHheaFBJIYSDK6LpF/CDNl4zfE vEj425pl3nl2GZ7DrGsepYhNMEw48G7USAqYnshtudSk7Nu5M4hzcuRhMXVK93uS c4ynVZcQ4PTE/001+ki6EVziC+tb58Q6XHLEiAjWL6w94K7qWMNGQqfwTQHTzkdc fhCqFd25JteC51iLCAHvXWwsuSDxcVwztf9V+RvRMTsQnuqkiRFfmc6AozuTGbg= =/1w1 -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160830021852.GM21245%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] grub2-mkconfig not found
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Sun, Aug 14, 2016 at 06:14:12PM -0700, zackp...@gmail.com wrote: > On Saturday, August 13, 2016 at 5:45:58 PM UTC-4, Marek Marczykowski-Górecki > wrote: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA256 > > > > On Sat, Aug 13, 2016 at 06:53:20AM -0700, zackp...@gmail.com wrote: > > > On Saturday, August 13, 2016 at 6:14:44 AM UTC-4, Marek > > > Marczykowski-Górecki wrote: > > > > -BEGIN PGP SIGNED MESSAGE- > > > > Hash: SHA256 > > > > > > > > On Sat, Aug 13, 2016 at 03:11:57AM -0700, Andrew David Wong wrote: > > > > > On 2016-08-12 20:57, zackp...@gmail.com wrote: > > > > > > Hi all, I'm a new qubes user and have been following the guides to > > > > > > get > > > > > > trim enabled for the dom0. Everything seems to have gone smoothly > > > > > > until the > > > > > > grub steps. I can't find a grub.cfg file anywhere. The only > > > > > > abnormality to > > > > > > my installation is that it's UEFI. So the closest thing I did find > > > > > > to this > > > > > > was /boot/efi/EFI/qubes/xen.cfg which had the kernel line > > > > > > referenced in the > > > > > > trim guide. However, when I attempt to run grub2-mkconfig -o > > > > > > /boot/efi/EFI/qubes/xen.cfg I get "grub2-mkconfig: command not > > > > > > found" All > > > > > > that is present in the /boot/grub2 folder is a themes folder. I am > > > > > > using > > > > > > the main dom0 terminal for all of this. > > > > > > > > > > > > Considering that everything boots fine, I'm hesitant to reinstall > > > > > > grub2 (I > > > > > > assume it would need to be grub2-efi in this case). Any clue as to > > > > > > what's > > > > > > going on? Thanks > > > > > > > > > > > > > > > > I think grub2-mkconfig is not found because you're using UEFI rather > > > > > than > > > > > legacy boot. Are you getting your instructions from here? > > > > > > > > > > https://www.qubes-os.org/doc/disk-trim/ > > > > > > > > > > I think these instructions were written with legacy boot in mind. I'm > > > > > not sure > > > > > how to enable TRIM on UEFI (CCing Marek). > > > > > > > > Yes, on UEFI install /boot/efi/EFI/qubes/xen.cfg is the right file - you > > > > need to edit it directly. > > > > > > > > - -- > > > > Best Regards, > > > > Marek Marczykowski-Górecki > > > > Invisible Things Lab > > > > A: Because it messes up the order in which people normally read text. > > > > Q: Why is top-posting such a bad thing? > > > > -BEGIN PGP SIGNATURE- > > > > Version: GnuPG v2 > > > > > > > > iQEcBAEBCAAGBQJXrvMNAAoJENuP0xzK19csfqQH/0/P4FV8W2/pZhWaCeXfseqj > > > > fw79GDTa5/ExjxSg4eehHDhHHVgG3kaeb0HafPvVnHS/DJuHzCG1Xrs1vyZJlPID > > > > oCrH4FaaYQ2Che4L4D/Koh5lNEdEakKOrF7ILbTRN5u8Q4xvdM9KQ/paacCYkCDJ > > > > YlYKELzyOZ1wkUvwttPynTANdrMlY797BHkHYHv2TbaMBTjw4EYmIs+VM9MRIWIv > > > > Lis1hZn97y1z3ZIQglrQRCDLAmoNJPBsXRdMHjNyA5EeKQPX+fNxsE3/HIoqrIi3 > > > > 3DHYzKIS/UBDFHOJXj7I3pK311fS1IcUlrbRCXJYCM0gF5A5EkWKxIj0ghV0YTI= > > > > =uhvX > > > > -END PGP SIGNATURE- > > > > > > So I'm editing the right file, that's all and good. Here's what I've done > > > so far: > > > > > > #Find UUID of ssd > > > ls /dev/mapper/luks-* > > > #Set trim in crypttab > > > sudo nano /etc/crypttab > > > #Add "allow-discards" at end of entry for ssd with matching UUID > > > #Set trim in fstab > > > sudo nano /etc/fstab > > > #Add "discard" after other flags (like "default") for everything but swap > > > sudo nano /etc/lvm/lvm.conf > > > #Change "issue_discards" from "0" to "1" > > > #Add discard to grub > > > sudo nano /boot/efi/EFI/qubes/xen.cfg > > > #At the end of the kernel line, add "rd.luks.allow-discards=1" > > > #Rebuild initramfs > > > sudo dracut -H -f > > > ##Check if discard (trim) is enabled: > > > lsblk -D > > > #OR > > > sudo dmsetup table > > > > > > Everything above works except that lsblk still shows no trim support so I > > > guess that the rebuilding of grub is an important step in this. > > > > I think dracut by default place output file in > > /boot/initramfs-(kernel version), while on UEFI system bootloader loads > > it from /boot/efi/EFI/qubes/. Try to copy it there. > > I checked the date and time of creation of the initramfs file in the > directories you specified and you are correct in that dracut created it in > /boot. However, after copying it to /boot/efi/EFI/qubes and replacing the one > there, there's still no trim support. Here's my output: > > sudo dmsetup table > snapshot-fb01:3278378-fb01:3279033: 0 20971520 snapshot 7:7 7:8 P 256 > qubes_dom0-swap: 0 15990784 linear 251:0 2048 > qubes_dom0-root: 0 451420160 linear 251:0 15992832 > luks-07201718-857d-4108-a722-a5956c443e1e: 0 467421184 crypt aes-xts-plain64 > > 0 8:19 4096 1 allow_discards The "allow_discards" is here, so it worked. > snapshot-fb01:3278350-fb01:3278346: 0 20971520 sn
Re: [qubes-users] Routing network traffic in sys-usb using multiple devices
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Aug 18, 2016 at 10:34:55AM -0700, Adrian Rocha wrote: > El jueves, 18 de agosto de 2016, 10:50:14 (UTC-6), Marek Marczykowski-Górecki > escribió: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA256 > > > > On Thu, Aug 18, 2016 at 09:12:35AM -0700, Adrian Rocha wrote: > > > El jueves, 18 de agosto de 2016, 9:45:44 (UTC-6), Marek > > > Marczykowski-Górecki escribió: > > > > -BEGIN PGP SIGNED MESSAGE- > > > > Hash: SHA256 > > > > > > > > On Thu, Aug 18, 2016 at 08:25:34AM -0700, Adrian Rocha wrote: > > > > > El viernes, 12 de agosto de 2016, 2:34:52 (UTC-6), Marek > > > > > Marczykowski-Górecki escribió: > > > > > > -BEGIN PGP SIGNED MESSAGE- > > > > > > Hash: SHA256 > > > > > > > > > > > > On Thu, Aug 11, 2016 at 11:07:54AM -0700, Adrian Rocha wrote: > > > > > > > Hi, > > > > > > > > > > > > > > I have two network devices and one only USB controller, so both > > > > > > > devices are in the same VM (sys-usb). I want to route some > > > > > > > app-VMs by one network and the rest by the other network, for > > > > > > > that I have created two firewall VMs but both are connected to > > > > > > > the same network VMs because, as I commented, I can not divide > > > > > > > the network devices in different VMs. > > > > > > > By default all the traffic is going by only one network device. > > > > > > > This is the configuration in my sys-usb: > > > > > > > > > > > > > > [user@sys-usb ~]$ ip route list > > > > > > > default via 172.20.1.1 dev enp0s0u2 proto static metric 100 > > > > > > > default via 192.168.8.1 dev enp0s0u3 proto static metric 101 > > > > > > > 10.137.4.8 dev vif2.0 scope link metric 32750 > > > > > > > 10.137.4.29 dev vif9.0 scope link metric 32743 > > > > > > > 172.20.0.0/21 dev enp0s0u2 proto kernel scope link src > > > > > > > 172.20.2.255 metric 100 > > > > > > > 192.168.8.0/24 dev enp0s0u3 proto kernel scope link src > > > > > > > 192.168.8.100 metric 100 > > > > > > > > > > > > > > The firewall IPs are 10.137.4.8 and 10.137.4.29 > > > > > > > > > > > > > > I know how to route a traffic to an specific IP using "ip route > > > > > > > add" to a determined device network, but How can I route the > > > > > > > complete traffic from one firewall VM by one device network and > > > > > > > the traffic from other firewall VM by the other device network? > > > > > > > > > > > > Source based-routing is tricky in Linux in general. You can search > > > > > > for > > > > > > some guides on the internet. > > > > > > > > > > > > But alternatively, on Qubes R3.2, you can assign one of those USB > > > > > > devices to different VM - some separate netvm, or even one of those > > > > > > firewallvms directly (and do not attach this firewallvm to any > > > > > > netvm). > > > > > > It may work slightly slower, but should be much easier. > > > > > > > > > > Thanks for your tip Marek, but I am having an error with the USB > > > > > assign: > > > > > > > > > > The ethernet adapter in the sys-usb VM: > > > > > [user@sys-usb ~]$ lsusb > > > > > ... > > > > > Bus 005 Device 002: ID 0b95:1790 ASIX Electronics Corp. AX88179 > > > > > Gigabit Ethernet > > > > > ... > > > > > > > > > > And when I try to assing them to the sys-net VM in dom0: > > > > > [user@dom0 ~]$ qvm-usb > > > > > sys-usb:4-6 06cb:1ac3 SYNAPTICS_Synaptics_Large_Touch_Screen > > > > > sys-usb:5-2 0b95:1790 ASIX_Elec._Corp._AX88179_:9 > > > > > sys-usb:4-9 8087:07dc 8087_07dc > > > > > sys-usb:4-110bda:573c > > > > > CN0Y2TKG7248741DA3RDA00_Integrated_Webcam_HD_200901010001 > > > > > [user@dom0 ~]$ qvm-usb -a sys-net sys-usb:5-2 > > > > > ERROR: Device attach failed: /usr/lib/qubes/usb-import: line 51: > > > > > printf: write error: Invalid argument > > > > > > > > > > Any idea or a detailed reference about this functionality? > > > > > > > > Check kernel messages in sys-net. It looks like kernel driver rejects > > > > this device for some reason. > > > > > > > > > > This is the message in sys-net: > > > [ 3116.501714] vhci_hcd: Failed attach request for unsupported USB speed: > > > super-speed > > > > > > And I see this in sys-usb: > > > [ 3095.918081] usbip-host 5-2: stub up > > > [ 3095.920893] usbip-host 5-2: recv a header, 0 > > > [ 3096.023678] usbip-host 5-2: reset SuperSpeed USB device number 2 using > > > xhci_hcd > > > [ 3096.038562] usbip-host 5-2: device reset > > > > Ok, so the reason is the device being USB3.0, which isn't supported by > > the driver, unfortunately. Try plugging it into USB2.0 port. > > > > Ahh ok, I tried in the USB 2.0 port, and now I can assign it. But I see in > the sys-net that it is recognized for a while but never connects to the > network. After a few seconds the device returns to the sys-usb VM. This are > de messages in sys-net VM: > > [ 7277.118612] vhci_hcd vhci_hcd: rhport(0) sockfd(0) devid(262154) speed(3) > speed_str(high-speed) > [
[qubes-users] Re: Qubes and freeBSD
El martes, 30 de agosto de 2016, 0:47:24 (UTC), Roberto Fock escribió: > Install OpenBSD as HVM in my notebook. Anyone know what I need to install > ports. Because the mouse does not move but I can click.(Instalé en mi > notebook Qubes y le agregué OpenBSD como maquina virtual. Alguien sabe qué > ports instalar para que funcione el mouse, porque no se mueve pero sí puedo > hacer click.) I use Xfce Desktop Environment -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/56057add-0f54-4425-be29-068151718303%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Qubes and freeBSD
Install OpenBSD as HVM in my notebook. Anyone know what I need to install ports. Because the mouse does not move but I can click.(Instalé en mi notebook Qubes y le agregué OpenBSD como maquina virtual. Alguien sabe qué ports instalar para que funcione el mouse, porque no se mueve pero sí puedo hacer click.) -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/b2c4425e-968f-4d39-968f-18fc18dcec20%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] QVM Backup
On Monday, 29 August 2016 14:58:57 UTC+10, Andrew David Wong wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 2016-08-28 18:04, Drew White wrote: > > Hi folks, > > > > Just wondering.. > > > > I've looked at the backup data for the XML file and it contains > > ALL of the guests on the machine, not just the one I'm backing up. > > > > Is there any particular reason for this? Is it just the way that > > it does the backup for 1 guest? > > > > Yes, that's just the way it does the backup, even for a single guest. > However, there are plans to implement a qvm-export-vm tool that will > allow you to export a single guest without exposing metadata about > other guests: > > https://github.com/QubesOS/qubes-issues/issues/1747 > > (The comments on this issue explain why the current qvm-backup tool > doesn't already do this.) > > - -- > Andrew David Wong (Axon) > Community Manager, Qubes OS > https://www.qubes-os.org > -BEGIN PGP SIGNATURE- > > iQIcBAEBCgAGBQJXw8D3AAoJENtN07w5UDAwQTQQAKcfKGoycWhhi3wGfm3PY0oN > Wq8fGUpykjjGN7gLP1LbTF1NbAB7gJBpvhuUu8t84QBGycv34SvD8dJ2XS0irPSG > AAyRmLzCkTKUUtcJTb0/PtfvNOAzW14EoUo28+Xro8DbayZSWAcU8I280yFx42/o > Hct4vYTz1pR5BClKRRO6U4icSFcihHuqel5aKJngoRIFE5G6+q5jxphPr2yjxcIq > q+8WyOv4D2eVCFmbFE8up11yNtnJdYSsvZHUVwFAwtqQVwrcCshcXTnfLkb/QJ5z > qe6ffhvKqVhLWzmZfCdxrZangETXsYYScpBc7lJfIfPdBUIYW3U3kDSiS/5WFB5b > OjQKs0vkW5r/ghvaLY0Y98Xe4aYQWtFS8kJyyxqijVHdqCtu8f+EZbQbKoLMwVdt > c+WLbgwDQPDFTQzYxIhXRvuHYOaBerGwkczMl5mfo0HtSijtvOUIlHVNrYKi7nNJ > ph5pixenVdx/mWjTWM31OnjCfBCADD4drMatvf3UDnmJzxt5qTljtCFy51NCuHzu > NdedHwrcmXBrmwhemb/AsvKWiq6Nz6y5Upiln9HDbPZhsnUYN7Kc4BqRMX/UOg2y > Kqj9qrebIyq2zgoo1VR8sux5/BBKFHAti+h04SD6AK25qmyo4f/0Bz8Vb6Uxj8o9 > FopgGOsAv5617Haw4ujY > =VuS7 > -END PGP SIGNATURE- Okay, thanks, just thoguht I'd check, because I didn't know if it was required to have the ENTIRE XML file for the restore or not for comparisons. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9b4e2f64-2437-44cc-a123-057d0ca17579%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] tested Qubes os
I have problems with Wi-Fi card BCM4352 802.11ac (chipset) Dell Wireless 1560 802.11ac. It's not visible in ifconfig but can be found in attached devices in sys-net. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/CAM3vy95DV4GiHVcffYr9XmrA7BoTeJ1i0U_SdwZLDMp%2BXzJaNg%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout. Qubes-HCL-Dell_Inc.-XPS_15_9530-20160823-215245.yml Description: Binary data
[qubes-users] R3.1 - "Freezing?" sys-usb VM via mkfs.vat command
I'm attempting to encrypt an external drive when experiencing a freeze/crash: After running in the sys-usb VM: sudo cryptsetup luksOpen /dev/sda1 USBDRIVE001 sudo mkfs.vfat /dev/mapper/USBDRIVE001 -n USBDRV1 the window becomes unresponsive. No application errors are visible. Also, the VM seems to be unresponsive as I cannot run anything else in that VM (and any other open windows beccome unresponsive too). If I have a certain amount of windows open in that VM (3?) e.g. 2 terminals and one file browser, the windows just disappear and the state of sys-usb in Qubes VM Manager turns yellow. At this point, I can only restart the VM, which seems then to operate normally. I tried it a few times and the last time I tried it I got an exclamation point in Qubes VM Manager under the state column for sys-usb. When hovering over it, it says: "qrexec not connected." As usual, restarting the VM works fine. I do not think I'm out of memory, as I have closed all other non-essential VMs and should have 8GB of RAM but might have 6GB (I don't know how to check physical RAM amounts without rebooting). The drive itself is 1.8TB. Is this a bug? Should I be submitting a bug in github or posting this on the dev mailing list? I need a next step. Thank you. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/nq2d7h%24k7%241%40blaine.gmane.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] gpg split - qube doesn't see key pair - only public key
I've been using GPG split for over a year with keys that hadn't been generated and were only imported into the vault qube and never had a problem. Yesterday I generated a GPG key pair in the vault qube, and while the vault qube has no problem in seeing the private key, enigmail in a different qube only sees a public key. Has anyone ever experienced this? I've been looking for similar problems both here and elsewhere and found no reference to this. Thanks for your help. rz -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/33fc57e0-b8a4-486b-92a8-2f1f9a790067%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Please make a better Scaling for 4K screens - Zoom, DPI
On Thursday, August 4, 2016 at 12:16:25 PM UTC+2, Smithy wrote: > I have a 4K screen and the layout in qubes R3.2 is unusable > even with the DPI scaling and the text size modification tool. > > -qubes manager is tiny and can not be scaled > -debian and other vms are tiny > > the qubes manager tab should be able to be zoomed in and scaled > same with any other window there is with settings that can be saved. > > > ubuntu does a great job with that. > it would be great if that can be put inside the next release. how can I install gnome-tweak-tools into dom0 ? i really need it to get scaled cause qubes manager can not be scaled.. please fix this for R3.2 R3 thanks -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f3a6121a-11aa-4f57-8407-5292373717e7%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Windows update
On Monday, August 29, 2016 at 12:55:54 PM UTC-4, Andrew David Wong wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > On 2016-08-29 07:49, Foppe de Haan wrote: > > On Monday, August 29, 2016 at 4:31:37 PM UTC+2, Jan Betlach wrote: > >> I have installed standalone HVM with Windows 7 Pro. The > >> installation went smooth along with the windows tools from > >> testing repo. I do have however a problem - the windows update > >> initiated from within the VM is not working. It is "Checking for > >> updates" for hours and never ends. Networking (internet) inside > >> the VM works without problems. Any ideas? > > > > I had the same experience. WSUS provides a (suboptimal) solution. > > Not a clue what causes it, though. > > > > That's just how Windows Update works (blame Microsoft): > > https://superuser.com/questions/951960/windows-7-sp1-windows-update- > stuck-checking-for-updates > > - -- > Andrew David Wong (Axon) > Community Manager, Qubes OS > https://www.qubes-os.org > -BEGIN PGP SIGNATURE- > > iQIcBAEBCgAGBQJXxGkKAAoJENtN07w5UDAwtH4P/1HMgqg5jjB2SVOBIYHJJCA+ > m5ZkYEf1Kv9vZhdhAdfvlT7bvDZEQJfmZ6Eyg02KMAqRaPB0Kb1Lj0KI/rj3u+30 > 4jdKnTPv1GhHbChcOCS7DAiRw1X/ap3Lx1GJaYX+FrXuHreewivJLYLfJgBIxHF5 > FoaY7VmiQfRxiqcy1uHm8vZcs0miT1rzcCJ7wdAvNG9J8mnvGNRb1W4gE39lnZcM > 4uhqVCEstwm5vhIyoYL/PjBALxaXfTcutyC9mVC0QvGHA6flKTKvgxGEvzLH3nSX > HZDC7dhiptrgBcAbaxpVcQ1ahZ35rQDI7e0doB+NRuq5QlamSkRkRp50wRyK76WZ > 3zbV763YYfHVCA3SnCkux/jYvy6KltWa5AxNVJX18REUdQFS7Xyq5QF7wmv18xVw > YJVj+KEEP+N3ogAeQYwH+ukembW3TmTc2xtl9qmqc70eSoS40LtlM4n5TrrAunbt > +KjTriT1pHgSQOkvLJ8Dnw4C5+/50SnsdKf7CmJDN1iG9OvsljULBHaosvcsb76K > Y3qQBiT0Qmok0zBeQOyJaBUfr5mtq7YnDHyeBZBeke/QgGqyPfTx92PXM/vu/7qn > DzslZHWhlO1r5Eo7PZllQX5mfB0Mr7zuaEkwJnR3wBetotzNssw8W/wMski5nZ0I > K0RU7jpVjWhRR0fDLyCw > =wOjR > -END PGP SIGNATURE- Thank you Andrew, looks like the first fix helped. Downloading updates now. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fa6063a8-c393-4e0a-a878-4e0844895ddf%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] sys-firewall
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-08-29 10:10, Jan Betlach wrote: > I've created minimal Fedora 23 template for sys-net, sys-usb and > sys-firewall. Obvious benefit is RAM usage. Works perfectly so > far. During that process I've thougt whether it is a good idea to > use Fedora 23 as a template for sys-firewall. Would not be > possible and better to use something like MirageOS or ven pfSense > for firewall in Qubes? > This has come up on the lists several times in the past. You may find the past discussions interesting: https://groups.google.com/forum/#!searchin/qubes- users/firewall$20(pfsense$20OR$20mirage) https://groups.google.com/forum/#!searchin/qubes- devel/firewall$20(pfsense$20OR$20mirage) - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXxHYOAAoJENtN07w5UDAwT58P/jvnxEqqugRuRhM7mOd7X8pO DgfqsdhimHhpKCtmHrg0souPseIbZ/cy38Fc1+wLDkO3wuWoKLyV9MZykHpRSJsl rWeBI0Y71etrf7Q2gMt2ygB/G7RqGml7yc7sR3jXg6gHDwGuZtnTjksZdA+sRNNZ eYqlQOlKTgQ1GxJEip15/98n+AShI2ldZmH5VqlbNOiMSo9S0YVUV0nUT329ghzS oUr8VJMgrsk3UTqcyzTCZV9CBOCFtNW1tI27eT38LkzbmzWOSSiJ1CCd4KWwrNk4 3EZfA4J8auskeUbVoaRBF6bewRpoihMb5JpBB0PJRvFpylRRav59OtljDUvflBMD FriIaDeUGf+vaFn3honEI/aCNy7O4ImdYGteDSmYH2PEK3IE8/jO/J4VBoESJJR3 tEczU5I7KJn0jeuqqgqpWEbHPqWmPzPp+89ZL0ZJLgv2hpkf5B2Y/aDBkK7Z5TKY ZyKmyXhsuVM0d6lR0iMVAJYEDIztwKZcInTWVnz/E5R8hRUz0GL0II87kz0QnaJf X68/kUfGOxoXSpXdk2IPsjm3EH9/JyUrR7Hzhb2cqodxwcow1N3zHkXfjoiPWTgy +Zu+6EM/yK/rxtppMomxjCbYUCryEI8vGNw9TAa71nE05zBajXglILHunCfq94kp URbjmVIzG+87qrW70/Ld =FGgz -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/fbc8e5aa-9e3b-930b-77a7-511b6d8fe743%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] sys-firewall
I've created minimal Fedora 23 template for sys-net, sys-usb and sys-firewall. Obvious benefit is RAM usage. Works perfectly so far. During that process I've thougt whether it is a good idea to use Fedora 23 as a template for sys-firewall. Would not be possible and better to use something like MirageOS or ven pfSense for firewall in Qubes? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/9f9b870e-5ff9-4c5c-b2f1-dd7808043068%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: Windows update
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-08-29 07:49, Foppe de Haan wrote: > On Monday, August 29, 2016 at 4:31:37 PM UTC+2, Jan Betlach wrote: >> I have installed standalone HVM with Windows 7 Pro. The >> installation went smooth along with the windows tools from >> testing repo. I do have however a problem - the windows update >> initiated from within the VM is not working. It is "Checking for >> updates" for hours and never ends. Networking (internet) inside >> the VM works without problems. Any ideas? > > I had the same experience. WSUS provides a (suboptimal) solution. > Not a clue what causes it, though. > That's just how Windows Update works (blame Microsoft): https://superuser.com/questions/951960/windows-7-sp1-windows-update- stuck-checking-for-updates - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXxGkKAAoJENtN07w5UDAwtH4P/1HMgqg5jjB2SVOBIYHJJCA+ m5ZkYEf1Kv9vZhdhAdfvlT7bvDZEQJfmZ6Eyg02KMAqRaPB0Kb1Lj0KI/rj3u+30 4jdKnTPv1GhHbChcOCS7DAiRw1X/ap3Lx1GJaYX+FrXuHreewivJLYLfJgBIxHF5 FoaY7VmiQfRxiqcy1uHm8vZcs0miT1rzcCJ7wdAvNG9J8mnvGNRb1W4gE39lnZcM 4uhqVCEstwm5vhIyoYL/PjBALxaXfTcutyC9mVC0QvGHA6flKTKvgxGEvzLH3nSX HZDC7dhiptrgBcAbaxpVcQ1ahZ35rQDI7e0doB+NRuq5QlamSkRkRp50wRyK76WZ 3zbV763YYfHVCA3SnCkux/jYvy6KltWa5AxNVJX18REUdQFS7Xyq5QF7wmv18xVw YJVj+KEEP+N3ogAeQYwH+ukembW3TmTc2xtl9qmqc70eSoS40LtlM4n5TrrAunbt +KjTriT1pHgSQOkvLJ8Dnw4C5+/50SnsdKf7CmJDN1iG9OvsljULBHaosvcsb76K Y3qQBiT0Qmok0zBeQOyJaBUfr5mtq7YnDHyeBZBeke/QgGqyPfTx92PXM/vu/7qn DzslZHWhlO1r5Eo7PZllQX5mfB0Mr7zuaEkwJnR3wBetotzNssw8W/wMski5nZ0I K0RU7jpVjWhRR0fDLyCw =wOjR -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/4c02c868-f3c0-8bee-1768-165775bf8905%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Why does Qubes default to 2 VCPUs..?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-08-29 09:45, neilhard...@gmail.com wrote: > According to VM Settings, I have a maximum of 4 VCPUs that I can > use on any VM. > > When I installed Qubes though, it put 2 VCPUs on each VM. > > Is there any particular reason why I shouldn't be using all 4 > VCPUs..? > Using 4 VCPUs may decrease performance compared to using just 2 due to the scheduling overhead, and increasing from 2 to 4 doesn't seem to improve performance. See this discussion: https://groups.google.com/d/topic/qubes-users/IIFM9zLgXOA/discussion - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXxGhIAAoJENtN07w5UDAwcz0P/imDs69MYJLMZlgPZVbr/DJ2 cNlr9Bvp/X+LRdbis+8DCNXE9HL2KZRj3jqN66zoZQ4KFo6L/idKZ1YF+0cep80J jOFbMjr8Ruf8Lvj5iL4MsTY0KfR4GHjBEcZtqwYfMLG6t2dz20aiD7ox15bcwUw0 MZfgPl+DYVVJxG0qUMOsycjCDwl5UnWh/EGHxs4ZFUqADQES7/ouM5deczK/uIoC l0GfOJsm3iyP6riqmiahe8bl6Njee14ZauwENCoS+kAmSQe8gikz8DVOAYkAMaEI BG4urxYOE7rshVIQrzYG4jRzuLdLBUCn0rEEBTx2M/mRQfrvXgEfGZSFO0m9mg6n hT/g674Rh8S369XlpqwMiMYtf/rVx4B7qj8Lb9qiHkv5sWLDuaOHpJuNNGFMmuIW VbwMNhkdjCXygIAK7kX37Aw3ni4bLfJxhCTK6tF58x48jD1vTqxtIzW2h7cYDeBt M5EvpUJBSZ4dQqLKg6cMZSc2KMvxyniLkW7JUgAurPkYQ4uNZZJXRENMX6ORInf/ KqTnpCXcQozbh4/UBjgTaf8rCH0Mc6o7cgcV81PgIHOaNXs39FXp1P++X6v0jnmJ 6oZIkBHYdDffNG5xilmcMZkZN1DCmwSE5Tn4DKx7yRgjtKoFstH2rwnEKFYYnr8H KtcIEcaQqEvQ7xVEu8ru =SmmL -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/509b2d28-951c-23ca-8af2-bf0ffd889fb3%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Why does Qubes default to 2 VCPUs..?
According to VM Settings, I have a maximum of 4 VCPUs that I can use on any VM. When I installed Qubes though, it put 2 VCPUs on each VM. Is there any particular reason why I shouldn't be using all 4 VCPUs..? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/f696d79b-2e28-48a0-be2f-2795952f60e1%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] HCL - ASUSTek_COMPUTER_INC_-G752VL-20160828
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 On 2016-08-28 23:58, 'n/a' via qubes-users wrote: > Hi, > > Video, networking (wired & wireless) is working properly, sleep > mode has worked correctly on most occasions, however on a few > attempts at returning from sleep mode (a longer period of time > passing) laptop appears to wake itself without touching a key - > keyboard is lit, screen is black, can hear the fans - all attempts > at getting back in Qube's at this point failes - have to hard > reboot (maybe some kind of wake on lan issue? [was using Ethernet > connection instead of wireless at the time this happened]) Also, > as already reported, touch-pad is not recognized on this laptop - > so I have had to use a external usb mouse. > > Please let me know if there is any other information you can use? > Forgot to Include cpio.gz in first HCL report, - I encrypted it > with Andrew Wong's public key due to the warning about private > information (hope this was ok?) That's fine. > Thanks for all your great efforts, grateful for people like you > all, and excited about learning Qube's. Keep up the good work! > Sincerely, anon.. > Thanks! - -- Andrew David Wong (Axon) Community Manager, Qubes OS https://www.qubes-os.org -BEGIN PGP SIGNATURE- iQIcBAEBCgAGBQJXxGV8AAoJENtN07w5UDAwo90QAMRPc4zdNSy+zzMmrY4g7i2O 7D7JPfIumjmIEpVqyVD3B9uM6a6Zf4RCsImp0KrAkwsAjadoIq/YSvncqDIZF73N qY4hGkBjfjoKTj0iNMF+mAGumA8NBQ/dDaoAy3nzbVexmRyBh2F+6n7v0sWjjxyy DJypgt6YyznigWecFaRrVQORoAWjQ+7D4k35ohtGZ/1iHZfHe5O8xxyai788tW1/ MQLz+gtLSzafWmdiJkKWxq/oQZL0fGyjXzI847buprlG5c25O7jpmwILbXnjofw8 SHQl4YKkwLb7xB1KWLG8R/+WXMcmyZ8BAyVgPfRIW0M3JcJOG0BhuBZPqPKqS5qF Xn7rGPvPFXpZak7jfn918UTL21JT2i4DUb7+uNEerXe9FJ4Ug/rWR9uPWETpEpyD dz5VBLZZ5vELgNHWL1mRLrXPEol79ZcxO8EiQ/0UpmYktS2ZIzkJMSdJET6Llwgx jR/X4riSOFLYGWlREFzUFfh5fbl1bSUoK+SEfM0DGAQqkhiio3t8YwHZugOwFGRx /7x3nivyzHyPTpMwpfWLHhEXbwk9aCRrhzaqEEzCzvCy1fYAAc1KjgDTNwQ4i3io vio7sDVJ7JY0IKduUxQrXmE9T2YAbFWOdc9HBF4xbolpce7RQOrax+cnk4PdeClP hDzzWsEhe2YB5Myg3CI3 =gAGz -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/6c429471-ed28-cb8d-dcc3-a4ee1e151651%40qubes-os.org. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Windows update
On Monday, August 29, 2016 at 4:31:37 PM UTC+2, Jan Betlach wrote: > I have installed standalone HVM with Windows 7 Pro. The installation went > smooth along with the windows tools from testing repo. > I do have however a problem - the windows update initiated from within the VM > is not working. It is "Checking for updates" for hours and never ends. > Networking (internet) inside the VM works without problems. > Any ideas? I had the same experience. WSUS provides a (suboptimal) solution. Not a clue what causes it, though. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/7d424e62-6f50-4a64-bb06-a33e03c52301%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Windows update
I have installed standalone HVM with Windows 7 Pro. The installation went smooth along with the windows tools from testing repo. I do have however a problem - the windows update initiated from within the VM is not working. It is "Checking for updates" for hours and never ends. Networking (internet) inside the VM works without problems. Any ideas? -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/0eef3161-192b-4e67-a821-e889188ae717%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] qvm-run only available from dom0?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Fri, Aug 19, 2016 at 08:56:38PM -, johnyju...@sigaint.org wrote: > > On 2016-08-19 05:11, johnyju...@sigaint.org wrote: > >> When I try to run qvm-run from within an AppVM, I get "Request refused." > >> > >> Is this by design, for security reasons? If so, I guess that's > >> perfectly > >> reasonable. I just don't see that fact documented anywhere. > >> > > > > Yes, but it's completely user-configurable. You can read all about this > > system > > here: > > > > https://www.qubes-os.org/doc/qrexec3/ > > Sweet! > > Mainly looking to have Keepass, running in an offline AppVM, to be able to > fire up specifically-allowed URL's in a browser in another AppVM, and > stuff a password into its clipboard. Getting anything to/from qubes clipboard can be triggered only by an explicit user action (ctrl-shift-c/v). This is to prevent many types of clipboard-based attacks. > (So it sounds like I could restrict the qrexec to a custom script in the > AppVM that only opens that specific site; and stuffing the clipboard > should be pretty benign, too.) You can create new qrexec service for that (which is also described on that linked page), but it may be tricky to do it securely. Anyway, if you're talking about normal AppVM (not DispVM), and you want to paste that password there from time to time, what about simply storing that password inside the browser? It has access to this password anyway, the only difference is when. But if it is compromised, it doesn't matter, so you don't really get anything from not storing it there. This of course doesn't apply to Disposable VM (DispVM in short), which by design should start from clean state. > If I'm very careful about the permissions, I should be able to keep any > risk under control. The qrexec design looks pretty flexible. > > Thanks! > - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXxEUfAAoJENuP0xzK19csYugH/0uNjnrHicHyCvMSpS2CCPyj c/SrAN3bnx7dOovAqzNV3Pz5cCrXEBevwwjnSermp4li9CGH1CCEq8Zx0XyGNCdB MNjBq+mN8NzZIR3Lj0h8Hebp8rEtC5SY0oey9Rux3iM0RVjBjk6qTGse1jz5qS9K B07vIVRAL+dX2fzvv3H8fqTUJICgVQl2H13rQbykUMm2DGvCQs3R/uldZ00V6kGn qmLqCf3DQz1tljhkcodP0hRipWRroikdmyxre62gNddQy2e7iR0dDnF00+lzKfpl +UakaaBfZtBE05bMWehDEWSxBALofrhcnIVQLtyZQf3akkTGToip658JLa3lvcs= =2KFv -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160829142224.GF21245%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Boot problems on Lenovo T420 thinkpad
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On Thu, Aug 18, 2016 at 11:58:58AM -0700, cedarrab...@resist.ca wrote: > Hi everyone, > > Would-be new user of Qubes here, but a longtime Linux user. I'm trying to > install Qubes-R3.1-x86_64 on a Lenovo Thinkpad T420. I encountered the > "hangs on penguins" problem described here: > > https://www.qubes-os.org/doc/uefi-troubleshooting/ > > I followed the steps there and they all worked well, until the very last > section where it asks for " /boot/efi partition number". I don't know what > that is and I don't think it came from the previous steps. I tried it with > the entry number and with a similar number that came up during a different > step, but neither worked. > > One time it gave me an error reading "segmentation fault" and something > about needing a unique instance. When I rebooted, I couldn't boot to > anything. Another time it created two instances of Qubes in the boot menu > but trying to boot to either got stuck at penguins. > > I think all I really need is to know what a partition number is and where > to find it. Googling hasn't helped me so far, and I'd really appreciate > any help you all could provide. > > Thanks so much for all your work!! Looking forward to getting Qubes going. One of easiest way is `df /boot/efi` command - you'll see something like /dev/sda1 at the beginning. That "1" (or other number) is the partition number. - -- Best Regards, Marek Marczykowski-Górecki Invisible Things Lab A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQEcBAEBCAAGBQJXxEUSAAoJENuP0xzK19cswPAH/iHacUwOvwB0mkxl7oGlyvwd ihV8hmPghoWvY3md5DIV49H44QyyoyUjKR56Sv6tcZWGf2O1ooXAqHyOyMQkcrU0 cahvFVgfcOK595xvU1KyGScd9bzMN73uDOSH7oA2LPwhHbj1gFwC9awlLXYyrQgh /mnbG35oKinrs7PvgfhS1UsWi3xCS5o/cC4EYjG/gkokTcFb3+rC4FWk79ZkXKLr b6LN8w6kdHhmbXJtFjbEHAOjJzTfgiB0vyCUZHm9Lr6OF4Uf8KGQRRhCZ1FYk2lA sZxofw1FBJPp+RTIO3fIgM3V+AvzR0onaJekEJC58Ts/t/TA2e0i54AmehnQOuQ= =a8wM -END PGP SIGNATURE- -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/20160829142210.GE21245%40mail-itl. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Weird network access issues
On 08/26/2016 11:23 PM, angelo "angico" costa wrote: > Hi, all! > > I'm experiencing some weird network access issues. I'm using Qubes 3.1. > > After logging in to the system, sys-net, sys-firewall and sys-whonix start as > expected, and network access is normally available. I can use apps such as > OwnCloud, qBittorrent, Firefox and others to connect to several internet > services and they all work fine. But suddenly, and I just cannot specify > when, the apps start to fail connecting. One such app that most catches my > attention with respect to the problem is OwnCloud, which reports connection > failure -- though other devices such as an Android tablet or even another > notebook running Debian, tell me Internet access is absolutely normal, > including access to my OwnCloud server. > > I've already tried restarting the VMs related to network connection -- > sys-net and sys-firewall -- but the problem persists, and it's happening with > two different notebooks -- an Acer Aspire with Intel Core i7, 10GB RAM, 1TB > HD and an unbranded one with equal CPU. 8GB RAM, and 640GB HD. > > Does anybody have experienced such issues? Does anybody have any hint on what > may be the cause of those issues and on how I can solve them? > > TIA and best regards to you all, > > Angico. > Perhaps I experienced the same issue. It happened to me a few times, seemingly random. Suddenly my AppVMs are not connecting to anything outside Qubes anymore. the only VM that was connecting was sys-firewall. The next time it happens I will write down what exactly I am experiencing and if the connection between the VMs are working properly. I also use a skylake i7 cpu, perhaps there is some connection? *shrug* regards bisam -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/a802f81e-8da0-b416-f5f6-2606b1e4456e%40fucked-up.net. For more options, visit https://groups.google.com/d/optout.
Re: SOLVED --- Re: [qubes-users] Re: qvm-usb does not detect all devices, crashes
On Monday, August 29, 2016 at 11:05:17 AM UTC+2, Foppe de Haan wrote:
> On Monday, August 29, 2016 at 10:53:00 AM UTC+2, Raphael Susewind wrote:
> > > It may be due to my not having had sufficient coffee yet, but what
> > > special character are you referring to? I don't see any. :o
> > >
> > > Anyway, relevant output for mine:
> > > 5-2/desc = 045e:0779 Microsoft_Microsoft\xc2\xae_LifeCam_HD-3000
> > > 5-2/usb-ver = 2
> > > 7-2/desc = 045e:07a5 Microsoft_Microsoft\xc2\xae_2.4GHz_Transceiver_v9.0
> > > 7-2/usb-ver = 2
> > >
> >
> > the \xc2\xae. Run qubesdb-multiread with the '-r' switch and see ;-)
> >
> > Looks like the problem is kind-of-known - see
> > /usr/lib/qubes/udev-usb-add-change - and can be changed by adding (in
> > the template on which your USB VM is based, so that it becomes persistent)
> >
> > ID_SERIAL=`echo ${ID_SERIAL} | iconv -t ASCII//TRANSLIT`
> >
> > immediately before
> >
> > DESC="${ID_VENDOR_ID}:${ID_MODEL_ID} ${ID_SERIAL}"
> >
> > Perhaps the Qubes developers could make this change permanent?
> >
> > Best,
> > Raphael
>
> Ah yes, that did the trick. Thanks for fixing it. :)
Only 'issue' left for me, and from a usability perspective is that the qvm-usb
output is rather useless, because all it displays is Microsoft_Microsoft --
which is what's shown when I enter the qubesdb-multiread command, rather than
lsusb. Any idea why they are requesting (human-readable) identification
information using different commands?
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/28db4ccc-e2f3-427c-a209-4db75a8f657e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Re: SOLVED --- Re: [qubes-users] Re: qvm-usb does not detect all devices, crashes
On Monday, August 29, 2016 at 10:53:00 AM UTC+2, Raphael Susewind wrote:
> > It may be due to my not having had sufficient coffee yet, but what special
> > character are you referring to? I don't see any. :o
> >
> > Anyway, relevant output for mine:
> > 5-2/desc = 045e:0779 Microsoft_Microsoft\xc2\xae_LifeCam_HD-3000
> > 5-2/usb-ver = 2
> > 7-2/desc = 045e:07a5 Microsoft_Microsoft\xc2\xae_2.4GHz_Transceiver_v9.0
> > 7-2/usb-ver = 2
> >
>
> the \xc2\xae. Run qubesdb-multiread with the '-r' switch and see ;-)
>
> Looks like the problem is kind-of-known - see
> /usr/lib/qubes/udev-usb-add-change - and can be changed by adding (in
> the template on which your USB VM is based, so that it becomes persistent)
>
> ID_SERIAL=`echo ${ID_SERIAL} | iconv -t ASCII//TRANSLIT`
>
> immediately before
>
> DESC="${ID_VENDOR_ID}:${ID_MODEL_ID} ${ID_SERIAL}"
>
> Perhaps the Qubes developers could make this change permanent?
>
> Best,
> Raphael
Ah yes, that did the trick. Thanks for fixing it. :)
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/70c38120-7af8-4a5e-b1ed-86d819c44a03%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
SOLVED --- Re: [qubes-users] Re: qvm-usb does not detect all devices, crashes
> It may be due to my not having had sufficient coffee yet, but what special
> character are you referring to? I don't see any. :o
>
> Anyway, relevant output for mine:
> 5-2/desc = 045e:0779 Microsoft_Microsoft\xc2\xae_LifeCam_HD-3000
> 5-2/usb-ver = 2
> 7-2/desc = 045e:07a5 Microsoft_Microsoft\xc2\xae_2.4GHz_Transceiver_v9.0
> 7-2/usb-ver = 2
>
the \xc2\xae. Run qubesdb-multiread with the '-r' switch and see ;-)
Looks like the problem is kind-of-known - see
/usr/lib/qubes/udev-usb-add-change - and can be changed by adding (in
the template on which your USB VM is based, so that it becomes persistent)
ID_SERIAL=`echo ${ID_SERIAL} | iconv -t ASCII//TRANSLIT`
immediately before
DESC="${ID_VENDOR_ID}:${ID_MODEL_ID} ${ID_SERIAL}"
Perhaps the Qubes developers could make this change permanent?
Best,
Raphael
--
You received this message because you are subscribed to the Google Groups
"qubes-users" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-users+unsubscr...@googlegroups.com.
To post to this group, send email to qubes-users@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-users/1ea17296-b954-a2b2-05e6-a3a686be53b9%40raphael-susewind.de.
For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: qvm-usb does not detect all devices, crashes
On Monday, August 29, 2016 at 9:33:39 AM UTC+2, Raphael Susewind wrote: > > I am having more or less the same issue with my usb 2.00 devices (although > > I'm not seeing issues with buses having 2 digits); one is my keyboard, > > which, although it errors, works fine (permanently passed through to dom0). > > The other is my webcam (lifecam hd3000), which I cannot pass through to > > another qube because qvm-usb throws the error described above: > > Invalid 7-2 device desc in VM 'sys-usb' > > Invalid 5-2 device desc in VM 'sys-usb' > > Digging deeper, I ran qubesdb-multiread /qubes-usb-devices/ in my > sys-net-usb VM, and it looks like the device description for the > crashing device contains a special character: > > ... > 2-1_6/desc = 2232:1024 Namuga\xc3\xbf_Webcam_SC-13HDL11624N_SN0001 > ... > > Can you confirm that your two offending devices also have special > characters in the description? > > Meanwhile, I try to figure out how one can change the iManufacturer part > of the device descriptor manually (unfortunately, this is not covered in > /usr/share/hwdata/usb.ids) > > Raphael It may be due to my not having had sufficient coffee yet, but what special character are you referring to? I don't see any. :o Anyway, relevant output for mine: 5-2/desc = 045e:0779 Microsoft_Microsoft\xc2\xae_LifeCam_HD-3000 5-2/usb-ver = 2 7-2/desc = 045e:07a5 Microsoft_Microsoft\xc2\xae_2.4GHz_Transceiver_v9.0 7-2/usb-ver = 2 -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/adf351c8-7c47-4051-95c2-7e9f2ffa392d%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
Re: [qubes-users] Re: qvm-usb does not detect all devices, crashes
> I am having more or less the same issue with my usb 2.00 devices (although > I'm not seeing issues with buses having 2 digits); one is my keyboard, which, > although it errors, works fine (permanently passed through to dom0). > The other is my webcam (lifecam hd3000), which I cannot pass through to > another qube because qvm-usb throws the error described above: > Invalid 7-2 device desc in VM 'sys-usb' > Invalid 5-2 device desc in VM 'sys-usb' Digging deeper, I ran qubesdb-multiread /qubes-usb-devices/ in my sys-net-usb VM, and it looks like the device description for the crashing device contains a special character: ... 2-1_6/desc = 2232:1024 Namuga\xc3\xbf_Webcam_SC-13HDL11624N_SN0001 ... Can you confirm that your two offending devices also have special characters in the description? Meanwhile, I try to figure out how one can change the iManufacturer part of the device descriptor manually (unfortunately, this is not covered in /usr/share/hwdata/usb.ids) Raphael -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1add1d3c-d6e8-c71b-d0aa-835883859fc8%40raphael-susewind.de. For more options, visit https://groups.google.com/d/optout.
[qubes-users] Re: Building Archlinux Template Error
On Monday, August 29, 2016 at 5:15:28 AM UTC, Jovan Miloskovski wrote: > On Thursday, August 25, 2016 at 1:41:51 PM UTC, richar...@gmail.com wrote: > > On Wednesday, August 24, 2016 at 3:15:09 PM UTC+1, Foppe de Haan wrote: > > > On Wednesday, August 24, 2016 at 4:14:12 PM UTC+2, Foppe de Haan wrote: > > > > On Thursday, August 18, 2016 at 6:40:42 PM UTC+2, Jovan Miloskovski > > > > wrote: > > > > > Hi, > > > > > I'm really learning all of this template building stuff right now but > > > > > I've stumbled upon an error in the Archlinux qubes template building > > > > > process I can't find a solution for. > > > > > Here is the segment of the error in my terminal output: > > > > > > > > > > -> Building vmm-xen (archlinux) for archlinux vm (logfile: > > > > > build-logs/vmm-xen-vm-archlinux.log) > > > > > --> build failed! > > > > > gcc -D_FORTIFY_SOURCE=2 -march=x86-64 -mtune=generic -O2 -pipe > > > > > -fstack-protector-strong -O2 -fomit-frame-pointer -m64 > > > > > -fno-strict-aliasing -std=gnu99 -Wall -Wstrict-prototypes > > > > > -Wdeclaration-after-statement -Wno-unused-but-set-variable > > > > > -Wno-unused-local-typedefs -O2 -fomit-frame-pointer -m64 > > > > > -fno-strict-aliasing -std=gnu99 -Wall -Wstrict-prototypes > > > > > -Wdeclaration-after-statement -Wno-unused-but-set-variable > > > > > -Wno-unused-local-typedefs -D__XEN_TOOLS__ -MMD -MF > > > > > .subdirs-install.d -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -O2 > > > > > -fomit-frame-pointer -m64 -fno-strict-aliasing -std=gnu99 -Wall > > > > > -Wstrict-prototypes -Wdeclaration-after-statement > > > > > -Wno-unused-but-set-variable -Wno-unused-local-typedefs > > > > > -D__XEN_TOOLS__ -MMD -MF .subdir-install-libxl.d -D_LARGEFILE_SOURCE > > > > > -D_LARGEFILE64_SOURCE -O2 -fomit-frame-pointer -m64 > > > > > -fno-strict-aliasing -std=gnu99 -Wall -Wstrict-prototypes > > > > > -Wdeclaration-after-statement -Wno-unused-but-set-variable > > > > > -Wno-unused-local-typedefs -D__XEN_TOOLS__ -MMD -MF > > > > > .libxl_create.o.d -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -Werror > > > > > -Wno-format-zero-length -Wmissing-declarations > > > > > -Wno-declaration-after-statement -Wformat-nonliteral -I. -fPIC > > > > > -pthread > > > > > -I/home/user/qubes-src/vmm-xen/src/xen-4.6.1/tools/libxl/../../tools/libxc/include > > > > > > > > > > -I/home/user/qubes-src/vmm-xen/src/xen-4.6.1/tools/libxl/../../tools/include > > > > > > > > > > -I/home/user/qubes-src/vmm-xen/src/xen-4.6.1/tools/libxl/../../tools/libxc/include > > > > > > > > > > -I/home/user/qubes-src/vmm-xen/src/xen-4.6.1/tools/libxl/../../tools/include > > > > > > > > > > -I/home/user/qubes-src/vmm-xen/src/xen-4.6.1/tools/libxl/../../tools/xenstore/include > > > > > > > > > > -I/home/user/qubes-src/vmm-xen/src/xen-4.6.1/tools/libxl/../../tools/include > > > > >-Wshadow -include > > > > > /home/user/qubes-src/vmm-xen/src/xen-4.6.1/tools/libxl/../../tools/config.h > > > > > -c -o libxl_create.o libxl_create.c > > > > > gcc -D_FORTIFY_SOURCE=2 -march=x86-64 -mtune=generic -O2 -pipe > > > > > -fstack-protector-strong -O2 -fomit-frame-pointer -m64 > > > > > -fno-strict-aliasing -std=gnu99 -Wall -Wstrict-prototypes > > > > > -Wdeclaration-after-statement -Wno-unused-but-set-variable > > > > > -Wno-unused-local-typedefs -O2 -fomit-frame-pointer -m64 > > > > > -fno-strict-aliasing -std=gnu99 -Wall -Wstrict-prototypes > > > > > -Wdeclaration-after-statement -Wno-unused-but-set-variable > > > > > -Wno-unused-local-typedefs -D__XEN_TOOLS__ -MMD -MF > > > > > .subdirs-install.d -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -O2 > > > > > -fomit-frame-pointer -m64 -fno-strict-aliasing -std=gnu99 -Wall > > > > > -Wstrict-prototypes -Wdeclaration-after-statement > > > > > -Wno-unused-but-set-variable -Wno-unused-local-typedefs > > > > > -D__XEN_TOOLS__ -MMD -MF .subdir-install-libxl.d -D_LARGEFILE_SOURCE > > > > > -D_LARGEFILE64_SOURCE -O2 -fomit-frame-pointer -m64 > > > > > -fno-strict-aliasing -std=gnu99 -Wall -Wstrict-prototypes > > > > > -Wdeclaration-after-statement -Wno-unused-but-set-variable > > > > > -Wno-unused-local-typedefs -D__XEN_TOOLS__ -MMD -MF .libxl_dm.o.d > > > > > -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -Werror > > > > > -Wno-format-zero-length -Wmissing-declarations > > > > > -Wno-declaration-after-statement -Wformat-nonliteral -I. -fPIC > > > > > -pthread > > > > > -I/home/user/qubes-src/vmm-xen/src/xen-4.6.1/tools/libxl/../../tools/libxc/include > > > > > > > > > > -I/home/user/qubes-src/vmm-xen/src/xen-4.6.1/tools/libxl/../../tools/include > > > > > > > > > > -I/home/user/qubes-src/vmm-xen/src/xen-4.6.1/tools/libxl/../../tools/libxc/include > > > > > > > > > > -I/home/user/qubes-src/vmm-xen/src/xen-4.6.1/tools/libxl/../../tools/include > > > > > > > > > > -I/home/user/qubes-src/vmm-xen/src/xen-4.6.1/tools/libxl/../../tools/xenstore/include > > > > > > > > > > -I/home/user/qubes-src/vmm-xen/sr
[qubes-users] HCL - ASUSTek_COMPUTER_INC_-G752VL-20160828
Hi, Video, networking (wired & wireless) is working properly, sleep mode has worked correctly on most occasions, however on a few attempts at returning from sleep mode (a longer period of time passing) laptop appears to wake itself without touching a key - keyboard is lit, screen is black, can hear the fans - all attempts at getting back in Qube's at this point failes - have to hard reboot (maybe some kind of wake on lan issue? [was using Ethernet connection instead of wireless at the time this happened]) Also, as already reported, touch-pad is not recognized on this laptop - so I have had to use a external usb mouse. Please let me know if there is any other information you can use? Forgot to Include cpio.gz in first HCL report, - I encrypted it with Andrew Wong's public key due to the warning about private information (hope this was ok?) Thanks for all your great efforts, grateful for people like you all, and excited about learning Qube's. Keep up the good work! Sincerely, anon.. -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to qubes-users+unsubscr...@googlegroups.com. To post to this group, send email to qubes-users@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/1264930864.1281351.1472453923462%40mail.yahoo.com. For more options, visit https://groups.google.com/d/optout. -BEGIN PGP MESSAGE- Version: GnuPG v1 hQIMAyyYz3tWP+oNAQ//RU17ySEr97M2NuC7ghPwvSJQuwhY3JhAno5lHNe6QlMw LyGs8uP1zZSNJgohzE0I/CxXOoeHkYhr6IestI+T0s8BD26Zgb+sbNuXTmQjjWcE 6SHhow5sFqnGGjqQXkhzNW5lx8LCI6zZxJ9PxcnvRw/7RjUlkN4irMP3ClBf/Q8M ymy0HttOjQMG6YO6PZD/OIdNrhuCZr7LFOUNGaNDav4LP7bc2sWXjsO/CRWhAZNU fHQe45slCR18AaItuItACm4VwFdju2VJm7/DQGWJZdiANwkLHe7pY4R7RfqT8lE7 u8tSu2FAKuFS9bOCKTpN+O1h8YMnbYaQahd1jYHYU+2SREkHT3i6n2hSzlAx7A4s Hw2oA+iooC2iAAcLpNvU/iZeC/Kd3oaiyI8r7pqxn+CTr1hBfKT2yroCZqKIBxVr OItqxtGpzvLgVKwAqiC2cA5CvooRFiKZQwUlRAn0mLRxA9dmHwzm4kBTok/+7x4C oQO3LRzbF7AXQYMbkt+aqVVXkQsCg6Moc90DGLUco+8JictLBxwAysGY71DAE/62 rEwrwlzcSsa+Do++188hrrfisPF5dMgfUE7nji+fflbzDTjEixa3KczPlxY0AS19 4dgyPQgybrmJYOpbjncWrs85yKcgipIvcJOBEXZgY/c/0urkmZwjKLB2/Y8c66nS /wAAKQoBtuA3gcMZ6/G7Y6HKIPq+8nGP0HrNutOU9iAAJXHqxb9KyBNuXfj7RVZK EeNqrIeisI4uRF+mG63PHxxDsGKAv1H+iVlN0eWvHcVgaIdInY4Z0suc/n5vnALe j10WHYO46SMIPQrZAuLh/pbjvZgJ+NnGjrga7ZarAbNKxnkBOvlx9R6bslSuRDhb BfDBlDomP4JYVSGHC7RYt1oViCXpAN/HrG9xpoebKFPuLSuZd1B13EP77Hk+46pS UINdPcA7abwOzHSB4Zb3uXlTuHbmXgr0u4+5Ofv9Fwtv0NgC125g4YN/r5SmQG0f cHBSHIu/l18HXRDld3Boej/tbcn6MkbtnO+A9IGnMJVwSBKPEu/TNxdX27MWJGJf hcEz8Fpujt1YwlGK0eQfQqDu+t//0PWo+ZyfloFUZBTL+wuT8hfd2cYLPBFhIZnH Kw+bSBgNaETMhlCYda9vcZ47Aym8WyNxGw0xd9WMr89InlXA+5xUkIPnk6KVv7dQ auXnIMNeqrP51FvFtY8VRPSAP4xQKCO1d0CWR2w7yEjI210QxtkahVhWlKt3mPoZ nwIjLjak9tUZUQDMQLKB72iydNBlR0S/In4xOHtaK3kC6hjgYUF0sFseLfBBVDdm sQ61i6AsilcTgOfDQ4L0R1Gf+sB0n7W+7M80EZXOtgSrhmCi9kBoSw+wTd7Sy7LN sKqtGxTXth9lyPnwoXOn8Sh57toRvaqvafKateSETa7cIPmcAtjguRLq1RMqI7rA oAJy2uVQhxlNDJAwOX23+Cr3x5mN6KY7mAgKw2+r5PhPKY05QPe798qZQn8KLSIe cXD+MzSpnq5qpxxjzbh7N1czYLbGNQoUKIf+cz05Iii7jTXdiSSu2DoYcZQY24I6 fO7sybbUMrF1+mqCMOx+yzb3/fa0jEm5GpcqO5vmEbAPFWvWV6/dWVPlGaMUoSzl M1qJ8cxFpaO7HUHgbO3LTJ+oR5EKJ8JPCvBJcUkwk6Gya2VJ3fprpnRNx/pmmQQ5 ofY3xg9TUOO5LnE2NUmuXLyh/aAMZvmShPCV0C3lrxH86Q6/lYw/suDrMniR1Nfh VdQCofngtOifSz9AYhGDPa0ZDxvocsoZ9emgwKPN37y71yc7MUq+H1PcKeUFfpEc kBqZ0HE9O/ufQSJwxzKHqExsDQqtA6qrd9L8CwG9nlpKcWIyCLoOJHoovbcqP7r0 YIF4GEmK1F+ljT4UqUFotEzkSLViVh53uyiBX+595T1MFdPNGqsNEdT6J0s2PZ53 l0GPADYH2VTsHjwWhdhzrD9rxMMU4r718WWhznA3zIgbZEqBJ+bQmR6dnrrwPp55 nnMMx2Bd5Shh190WW88CsWzmbrMQXhmVHSHzuHk1mS9Bg7VChZNyxQfwChtPSnT6 TozWG2onUgiFmweqjJAjaO8eIA0PZIYYbJAUio8fyae7MAfRqrpWg5Xol76b5+EG qDPq3fAB68WSP1HUzRr66A9MP/FFm4m7vruM7TpwBr/EGZpe5wbXrwu2f03QiJ4O pbVBgLTrIjNyCyYeXxHojGfa1ZVCy6VhUhCN5D2XzlrSZq8QaTVN0p9w9buaaxrG OkPpzGmM5EHz5+QjQ4sTJN4azFkeVUaNrx/XKrLzaKJCApcVgjbCn290epEpAnBR 6AYeAQNNZlartUWOI9nzMKzLOGjsjl/LeuoKW8h3+Qepah7YgmhqhiaShdKq7ndf Emd1RjDsT9iByv2LMQWtHdnhTCFaFe21famoX9jdZikaW6N2HQK+Tr3OqC7rG3Yq 6uPR45exkPX7azJ8VXgK0po95wiEFMaql4XbWpABqEZ7c8uSC6HEnXnfUkjciNt/ sz6bl+FLGmkp4/68t/Q2S/xuikiY+3E6jq0VebqdEOIOhtAncladKCd7pVEZasn0 sYv9rGkJjJwrUYv2XKVj7Jifhx0R24uYlpid4a8jOJ/1EGV5nX3lRwiG7RzN1P+x wr/NEOF8t5jdy19MDWj2hS8e8kS8fLDzpwlFGsFO1PiMSxLhkdj4ZE9OtnGpq9gL 7dLgie9Nh0o9aR81w+9U8D3+EIb5bh1ngm1Pbfp58EUGx0Fld2itrB7wUkbSQJO9 daFDSGk82WWnC9cQ3/nrXzqVqpND3XbI7CNtms7ENMeQaDPFCdP8xf2/gBpl2Tkz EX7BN+R25u8jFvFph2m8Eryg55QpNNkto2RGGOPFpin0EJUbiZdUb1n1lpfrmYmK gHT7FXjpegn/PqqTPIZAp/sbfuiZ3L0uE6ocBMGGXh61UY/i06lUlKb+PiACG7zG KLwQuZRQfj7awrKrlotwH1vJsXNwP5KPsjlCVPOmEeYd98jjtmxSI+myDVZ0Kp2A B9K1k0qB+waXEa/piwRFdTLJFl+qA7NwtkOW6mEGfKEwiWa7AT6ULQQOe5FfD93/ XQwo0A0VEJBIK1Q1vnfo9RXcdXYlh+gtbfpBwScDiOD13xdEpMZ0Spw1WP3xjE6p 7GRbCcJfT5WLbyjVqtNu34aYVCgU0sBcQC1H/xyZS3vxCCaMj7K4HrRkUMteFY3t 4bidzp3OvsHR6LzuJBdGCLxZodQGZ7/9RX5xup9y15Um6F5D6m2ckaw35uiwu1uV WsfJOAzLKEdIDQUYTBtBkpe2O51V3KAoR/xUItWnpkezMDYESf05igZ8N3D0SX1
